Skip to content
Recued
Menu
← Back to packs

Bandit Pack

by recued-core v1 app_pack

V3 Python security-lint capability pack. By-value connector composition (service_kind=cli, no separate ingredient): one local bandit CLI ingredient exposes bounded project operations for readiness and Python security linting. Scans run from an explicit project directory cwd supplied at execution time, inspect one trusted Python file or directory for common security issues, and return JSON findings via the python.security_lint catalog operation. Fixed-function and reproducible: recursive scan, JSON output, low severity/confidence threshold, no caller-supplied config/profile/test/skip list, no baseline comparison, no output-file write, no stdin, no custom formatter/template, no shell wrapper, and no network egress. Findings are represented as successful JSON output; real invocation failures still fail. Requires bandit on PATH. Local and no-egress.

What this pack installs

  • bandit Ingredient

Trust & control

What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Server only Runs on your server.

What it's allowed to do

Read Local CLI bandit read-only
Read: bandit.version · No approvalRead: python.security_lint · No approval

Data it touches

SurfacesLocal CLI

About

Tags

pack:banditbanditpythonsecuritylintsastjsondeveloper-toolsqualitydeterministiclocal-servicev3composition