Bandit is a static analysis tool that finds common security issues in Python code. The command-line utility scans .py files and generates a report that lists each issue with a confidence and a severity rating.
I ran Bandit on a few of my repositories and found I was using md5 to hash passwords in one of my side projects. It was a hack with a TODO fix comment, but I had forgotten about it. Thanks to Bandit, I have changed my password hashing algorithm to bcrypt2. I also learned about PassLib as I was researching how to salt and hash passwords.
The Rackspace blog has a post on Getting Started with Bandit that I recommend checking out.