Integrate Bandit into CI/CD

What is Bandit?

Bandit is a popular open-source static analysis (SAST) tool for Python. It is good at finding common security-related coding errors, such as unsafe function calls and hard-coded credentials, by scanning source files without running them.

Security Stage: SAST (static code analysis)
Type: Open Source
Languages: Python
Site: https://bandit.readthedocs.io/en/latest/

Prerequisite

1. You'll need the Git URL of the repository to scan.

How do I set it up?

Adding Bandit to your set of security tests is simple.

  • Click on the application you wish to add the tool for, and edit the version (stage) configuration.

  • Ensure that the version's 'Uri' is set to the Git URL of the repo being tested (either through the Uleska UI, or via the CLI/API). This URI also carries the branch and authentication details needed to clone the repo.

  • Click 'Save'.
  • Create a new Toolkit (or edit an existing one) by following the Creating a Toolkit guide and selecting 'Bandit' as a tool.

  • Click 'Save'.

Now any time you click 'Test Now' with that Toolkit, or make a request over the Uleska API or CLI with that Toolkit, the Bandit tool will be included in the test run and any results added to your vulnerabilities list.

Notes

Currently, the Bandit adaptor runs the default set of tests, recursively scanning every Python file in the codebase. Configuration of profiles, test IDs, and severity/confidence levels is not yet supported but will be included in a future release.
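Until level filtering is available in the adaptor, a pipeline can still gate on Bandit's own output. The following Python script is an added example (not part of the Uleska documentation or the Bandit project): it reads a Bandit JSON report, as written by `bandit -r <path> -f json -o report.json`, and fails the build when findings at or above a chosen severity and confidence appear. The report embedded below is constructed for illustration; the field names follow Bandit's JSON formatter.

```python
# Gate a CI job on a Bandit JSON report (produced with: bandit -r <path> -f json -o report.json).
# Each entry in "results" carries issue_severity and issue_confidence (LOW/MEDIUM/HIGH)
# plus test_id, filename and line_number.
import json
import sys
from collections import Counter

LEVELS = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample report, not real scan output; field names follow Bandit's JSON formatter.
SAMPLE_REPORT = json.dumps({
    "results": [
        {"test_id": "B602", "test_name": "subprocess_popen_with_shell_equals_true",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "filename": "app/run.py", "line_number": 12},
        {"test_id": "B105", "test_name": "hardcoded_password_string",
         "issue_severity": "LOW", "issue_confidence": "MEDIUM",
         "filename": "app/settings.py", "line_number": 3},
        {"test_id": "B608", "test_name": "hardcoded_sql_expressions",
         "issue_severity": "MEDIUM", "issue_confidence": "LOW",
         "filename": "app/db.py", "line_number": 40},
    ],
    "errors": [],
})


def blocking_findings(report_json, min_severity="MEDIUM", min_confidence="LOW"):
    """Return findings at or above both thresholds (inclusive)."""
    results = json.loads(report_json).get("results", [])
    sev, conf = LEVELS[min_severity], LEVELS[min_confidence]
    return [r for r in results
            if LEVELS[r["issue_severity"]] >= sev
            and LEVELS[r["issue_confidence"]] >= conf]


def gate(report_json, min_severity="MEDIUM", min_confidence="LOW"):
    """Return (passed, counts by test_id); a file Bandit could not parse also fails the gate."""
    errors = json.loads(report_json).get("errors", [])
    if errors:
        return False, Counter(scan_error=len(errors))
    found = blocking_findings(report_json, min_severity, min_confidence)
    return not found, Counter(f["test_id"] for f in found)


if __name__ == "__main__":
    ok, summary = gate(SAMPLE_REPORT)
    for test_id, n in sorted(summary.items()):
        print(f"{test_id}: {n} blocking finding(s)")
    sys.exit(0 if ok else 1)  # non-zero exit stops the pipeline stage
```

Treating Bandit's "errors" list as a failure matters in CI: a file that could not be parsed was never scanned, so a clean results list alone does not mean the code is clean.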