A Visual Studio Code extension with support for the bandit linter. The extension ships with bandit=1.7.5.
This is based pretty much entirely on the ms-python.flake8 extension.
Note:
This extension is supported for all actively supported versions of the Python language (i.e., Python >= 3.8).
Minimum supported version of bandit is 1.7.5.
Usage
Once installed in Visual Studio Code, bandit will be automatically executed when you open a Python file.
If you want to disable bandit, you can disable this extension per workspace in Visual Studio Code.
Settings
| Settings | Default | Description |
| --- | --- | --- |
| bandit.args | [] | Custom arguments passed to bandit. E.g. "bandit.args": ["--config=<file>"] |
| bandit.cwd | ${workspaceFolder} | This setting specifies the working directory for bandit. By default, it uses the root directory of the workspace ${workspaceFolder}. If you want bandit to operate within the directory of the file currently being linted, you can set this to ${fileDirname}. |
| | | Controls mapping of severity from bandit to VS Code severity when displaying in the problems window. |
| bandit.logLevel | error | Sets the tracing level for the extension. |
| bandit.path | [] | Setting to provide a custom bandit executable. This will slow down linting, since the bandit executable has to be run every time a file is saved or opened. Example 1: ["~/global_env/bandit"] Example 2: ["conda", "run", "-n", "lint_env", "python", "-m", "bandit"] |
| bandit.interpreter | [] | Path to a Python interpreter to use to run the linter server. When set to [], the interpreter for the workspace is obtained from the ms-python.python extension. If set to some path, that path takes precedence, and the Python extension is not queried for the interpreter. |
| bandit.importStrategy | useBundled | Setting to choose where to load bandit from. useBundled picks the bandit bundled with the extension. fromEnvironment uses the bandit available in the environment. |
| bandit.showNotification | off | Setting to control when a notification is shown. |
| bandit.ignorePatterns | [] | Glob patterns used to exclude files and directories from being linted. |
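
A workspace configuration that combines several of the settings above, given as an added example rather than taken from the extension's own documentation. The config file name `bandit.yaml` and the glob patterns are assumptions, and it assumes that a relative `--config` path is resolved against `bandit.cwd`.

```jsonc
// .vscode/settings.json (constructed example)
{
  // Load bandit from the selected Python environment instead of the
  // bundled copy, so the editor uses the version the project installs.
  // The environment's bandit must be at least 1.7.5.
  "bandit.importStrategy": "fromEnvironment",

  // Run bandit from the workspace root (this is also the default).
  // Assumption: the relative config path below is resolved from here.
  "bandit.cwd": "${workspaceFolder}",

  // Point bandit at a project-level configuration file.
  // "bandit.yaml" is a hypothetical file name.
  "bandit.args": ["--config=bandit.yaml"],

  // Keep third-party and virtual-environment code out of the results.
  // These globs are hypothetical; adjust them to the repository layout.
  "bandit.ignorePatterns": ["**/site-packages/**", "**/.venv/**"]
}
```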