Comparison with Bandit

The pycharm-security plugin has some significant differences from Bandit:

  • It is fully integrated into PyCharm (and other JetBrains IDE products)
  • It uses the IntelliJ PSI tree instead of the Python AST. Your code is checked as you type, so there is no need to re-run a scanner after modifying files.
  • Many of the checks offer quick fixes
  • It scans the packages installed in the project against SafetyDB; Bandit only looks at your code
  • Many of the checks use the context of the code to reduce false positives where Bandit would otherwise raise an alert
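To make the "context" point concrete, here is an added Python illustration (not the plugin's own code, which works on the IntelliJ PSI tree, and not Bandit's) of a context-aware version of the requests-no-verify check that the table below maps to RQ100: it walks the `ast`, records simple module-level constant assignments, and reports only calls whose `verify` argument actually resolves to `False`. The sample source, the `NoVerifyChecker` class and `check_source` are all constructed for this example.

```python
import ast

# requests.* functions that accept verify=
REQUEST_FUNCS = {"get", "post", "put", "patch", "delete", "head", "options", "request"}


class NoVerifyChecker(ast.NodeVisitor):
    """Context-aware check for requests.* calls that disable TLS verification.

    Instead of matching only on the keyword name, it resolves simple
    module-level constants, so `VERIFY = False` is still caught, while
    `verify="/path/to/ca-bundle.crt"` or `verify=settings.VERIFY_TLS`
    (value unknown) is not reported.
    """

    def __init__(self):
        self.constants = {}   # name -> literal value from simple assignments
        self.findings = []    # (line number, message)

    def visit_Assign(self, node):
        if (len(node.targets) == 1 and isinstance(node.targets[0], ast.Name)
                and isinstance(node.value, ast.Constant)):
            self.constants[node.targets[0].id] = node.value.value
        self.generic_visit(node)

    def _resolve(self, expr):
        # Ellipsis is used as the "unknown value" sentinel
        if isinstance(expr, ast.Constant):
            return expr.value
        if isinstance(expr, ast.Name):
            return self.constants.get(expr.id, ...)
        return ...

    def visit_Call(self, node):
        func = node.func
        if (isinstance(func, ast.Attribute) and func.attr in REQUEST_FUNCS
                and isinstance(func.value, ast.Name) and func.value.id == "requests"):
            for kw in node.keywords:
                if kw.arg == "verify" and self._resolve(kw.value) is False:
                    self.findings.append((node.lineno, "requests call with verify=False"))
        self.generic_visit(node)


def check_source(src):
    """Return a list of (line, message) findings for the given Python source."""
    checker = NoVerifyChecker()
    checker.visit(ast.parse(src))
    return checker.findings


# Constructed sample: lines 3 and 6 should be reported, lines 4 and 5 should not.
SAMPLE = """\
import requests
VERIFY = False
requests.get("https://example.invalid", verify=False)
requests.get("https://example.invalid", verify="/etc/ssl/certs/ca-bundle.crt")
requests.get("https://example.invalid", verify=settings.VERIFY_TLS)
requests.post("https://example.invalid", verify=VERIFY)
"""

if __name__ == "__main__":
    for line, msg in check_source(SAMPLE):
        print(f"line {line}: {msg}")
```

The CA-bundle and `settings.VERIFY_TLS` calls are exactly the kind of context a keyword-only match would flag; a real implementation would also need to follow imports and aliases, which this sketch does not.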

Equivalent Checks

This plugin still lacks some of the checks that Bandit offers.

List of bandit plugins that have equivalent checks in pycharm-security:

Plugin                 Status   Check
(Flask Debug)          Yes      FLK100
                       Yes      AST100
(requests no verify)   Yes      RQ100
                       Yes      DJG101
                       Yes      DJG102
                       Yes      EX100
                       Yes      OS100
                       Yes      NET100
                       Yes      PW101
                       Yes      TMP101
                       Yes      HL100
                       Yes      PAR101
                       Yes      PR100
                       Yes      SQL100
                       Yes      PR100
                       Yes      SSL100
                       Yes      JJ100
                       Yes      MK100
                       Yes      PAR100
                       Yes      TRY101
                       Yes      TRY100
                       No
                       Yes      YML100