It is possible to incorporate bandit results in the TICS output
bandit is a Security checker for Python.
For a successful
bandit integration, the following prerequisites
must be met:
bandit and its requirements should be available.
By default, TICS attempts to find
bandit on the
Alternatively, a specific Python interpreter and/or a specific
can be used.
The configuration for
bandit can be added to either the SERVER.yaml to apply them for all
projects, or in PROJECTS.yaml to
enable project-specific settings. If the properties are declared in the SERVER
file and also in the PROJECT file, the project-specific properties will
override the global properties.
The following properties can (optionally) be declared, either on SERVER or PROJECT level:
TOOLS: bandit: INTERPRETER: '/path/to/python' INSTALLDIR: '/path/to/directory'
INTERPRETER property can be used to specify the path to a
Python interpreter, such as
/usr/bin/python. If this property is
not set, the default Python interpreter will be used.
Note that the Python interpreter has an effect on the violations that are produced by bandit. It is recommended to use the interpreter in which the project is supposed to run.
As an alternative to specifying a Python interpreter, an installation directory
can be set through the
This installation directory can either be a full Python installation containing
bandit, or a virtual environment with access to bandit.
The installation directory can be specified either as an absolute path (e.g.,
/usr/local/python), or as a relative path from the
chk directory (e.g.,