Skip to content

[FEATURE]: Integrate Bandit Static Application Security Testing (SAST) for Python files #1721

Description

@Rafiaminhaj

Feature Description

Add a new security scanner integration under the static analysis category: Bandit Python SAST Scanner. Bandit is a tool designed to find common security issues (like shell injections, hardcoded passwords, unsafe imports) in Python code.

Expected Behavior

  • Integrate Bandit execution within the backend FastAPI orchestration.
  • Parse Bandit's JSON output format and normalize findings into SecuScan's standard findings schema (Severity, File, Line, Code Snippet, and Remediation).
  • Display Python code vulnerabilities in the React/TypeScript frontend workspace alongside other scans.

Additional Context

Since SecuScan is a local-first security scanning workspace, adding a python-specific SAST tool like Bandit will provide great value for Python developers looking to scan their scripts locally.


I would love to take ownership of this feature and implement it under GSSoC'26. Please assign this issue to me. Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions