Finding Common Security Issues in Python Code with Bandit

Aly Sivji - Sep 20 '18 - - Dev Community

This post was originally published on Siv Scripts

Bandit is a static analysis tool that finds common security issues in Python code. The command-line utility (typically run as `bandit -r <path>`) scans .py files by parsing each one into an AST and running its test plugins over the nodes, then generates a report listing each issue with a confidence and a severity rating.

I ran Bandit on a few of my repositories and found I was using md5 to hash passwords in one of my side projects. It was a hack with a TODO fix comment, but I had forgotten about it. Thanks to Bandit, I have changed my password hashing algorithm to bcrypt. I also learned about PassLib as I was researching how to salt and hash passwords.
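To make the finding concrete, here is an added example (not code from the original post or its side project) showing the unsalted md5 pattern Bandit reports next to a hardened replacement. The hardened version uses PBKDF2-HMAC-SHA256 from the standard library, chosen here as an assumption so the snippet runs without third-party packages; the post itself moved to bcrypt, and either a bcrypt package or PassLib is an equally good choice. The iteration count and the storage format are likewise assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional


# --- the pattern Bandit flags: unsalted MD5 ---
def weak_hash_password(password: str) -> str:
    """Bandit reports hashlib.md5 as an insecure hash function.

    MD5 is fast and unsalted, so identical passwords produce identical
    digests and a precomputed table cracks them at once.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# --- hardened form: per-user random salt plus a slow key-derivation function ---
# Assumed work factor; tune so one derivation costs ~100 ms on your hardware.
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing hash string: algorithm$iterations$salt$digest.

    Storing the parameters with the digest lets you raise ITERATIONS later
    and rehash users transparently on their next login.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest from the stored parameters and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample input: two users who picked the same password.
    alice = weak_hash_password("hunter2")
    bob = weak_hash_password("hunter2")
    print("md5 collides across users:", alice == bob)

    alice_h = hash_password("hunter2")
    bob_h = hash_password("hunter2")
    print("salted hashes differ:", alice_h != bob_h)
    print("verify correct password:", verify_password("hunter2", alice_h))
    print("verify wrong password:", verify_password("hunter3", alice_h))
```

Running Bandit over this file reports the `hashlib.md5` call in `weak_hash_password` and nothing in the PBKDF2 path; the point is that the weak function is still fully deterministic across users, which is exactly what makes it unsuitable for passwords, while the hardened one produces a different record for every user and verifies without exposing a timing side channel.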

The Rackspace blog has a post on Getting Started with Bandit that I recommend checking out.
