This hook only exists for historical reasons. It offers no benefits over the official bandir pre-commit hook, that you should use instead: PyCQA/bandit/.pre-commit-hooks.yaml
A pre-commit hook to find common security issues in your Python code using bandit.
You can check the plugins list & examples for tangible use cases.
- repo: https://github.com/Lucas-C/pre-commit-hooks-bandit rev: v1.0.5 hooks: - id: python-bandit-vulnerability-check You can also specify a custom .banditrc file, specific directories to check, test IDs to skip or the alerting level :
- id: python-bandit-vulnerability-check args: [--verbose, --ini, .banditrc, -ll, --skip, "B321,B402", --recursive, src/lib] The default arguments are defined here and indicate to check for high-severity issues in all the repo files recursively.
Note that pre-commit will pass to bandit the list of all staged files that match the files regular expression in .pre-commit-config.yaml.
If you want to execute bandit only on modified Python files, you'll need:
- to target the Python files / directories with the
filesfield in.pre-commit-config.yaml - to override the
argsfield so it does not include--recursive
- id: python-bandit-vulnerability-check args: [] files: .py$ You'll need to pip install bandit beforehand:
- repo: local hooks: - id: python-bandit-vulnerability-check entry: bandit args: [-lll, --recursive, .] language: system files: '' name: bandit 
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}