HTML formatter

This formatter outputs the issues as HTML.

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">

<title>
    Bandit Report
</title>

<style>

html * {
    font-family: "Arial", sans-serif;
}

pre {
    font-family: "Monaco", monospace;
}

.bordered-box {
    border: 1px solid black;
}

.metrics-box {
    font-size: 1.1em;
    line-height: 130%;
}

.metrics-title {
    font-size: 1.5em;
    font-weight: 500;
    margin-bottom: .25em;
}

.issue-description {
    font-size: 1.3em;
    font-weight: 500;
}

.candidate-issues {
    margin-left: 2em;
    border-left: solid 1px LightGray;
    padding-left: 5%;
    margin-top: .2em;
    margin-bottom: .2em;
}

.issue-block {
    border: 1px solid LightGray;
    padding-left: .5em;
    padding-top: .5em;
    padding-bottom: .5em;
    margin-bottom: .5em;
}

.issue-sev-high {
    background-color: Pink;
}

.issue-sev-medium {
    background-color: NavajoWhite;
}

.issue-sev-low {
    background-color: LightCyan;
}

</style>
</head>

<body>

<div id="metrics">
    <div class="metrics-box bordered-box">
        <div class="metrics-title">
        </div>
        Total lines of code: <span id="loc">9</span><br>
        Total lines skipped (#nosec): <span id="nosec">0</span>
    </div>
</div>

<div id="results">

<div id="issue-0">
<div class="issue-block issue-sev-medium">
    <b>yaml_load: </b> Use of unsafe yaml load. Allows
    instantiation of arbitrary objects. Consider yaml.safe_load().<br>
    <b>Test ID:</b> B506<br>
    <b>Severity: </b>MEDIUM<br>
    <b>Confidence: </b>HIGH<br>
    <b>CWE: </b>CWE-20 (<br>
    <b>File: </b><a href="examples/"
    target="_blank">examples/</a> <br>
    <b>More info: </b><a href="
    plugins/yaml_load.html" target="_blank"></a>
<br>

<div class="code">
<pre>
5       ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
6       y = yaml.load(ystr)
7       yaml.dump(y)
</pre>
</div>
</div>
</div>

</div>

</body>
</html>


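As an added example (not part of Bandit or of this page), here is a small Python reader for a report in the layout above. It walks the report with the standard library's html.parser, recognising an issue by the issue-block div and its issue-sev-* class, the <b>Label:</b> value<br> pairs, the loc/nosec metric spans and the <pre> snippet, and derives a severity gate a CI job could fail on. The embedded report is constructed for the example: its first issue mirrors the B506 finding shown above with a made-up file path, and the second issue, its file path and all other values are invented.

```python
"""Read a Bandit HTML report (layout shown above) and gate on its severities."""
from dataclasses import dataclass, field
from html.parser import HTMLParser

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}

# Constructed sample in the documented layout (not real Bandit output): the B506
# issue mirrors the one above, the second issue and all file paths are made up.
SAMPLE_REPORT = """<html><body>
<div id="metrics"><div class="metrics-box bordered-box">
Total lines of code: <span id="loc">9</span><br>
Total lines skipped (#nosec): <span id="nosec">0</span></div></div>
<div id="results">
<div id="issue-0"><div class="issue-block issue-sev-medium">
<b>yaml_load: </b> Use of unsafe yaml load. Allows
instantiation of arbitrary objects. Consider yaml.safe_load().<br>
<b>Test ID:</b> B506<br><b>Severity: </b>MEDIUM<br><b>Confidence: </b>HIGH<br>
<b>CWE: </b>CWE-20<br><b>File: </b><a href="app/config_loader.py">app/config_loader.py</a> <br>
<div class="code"><pre>
5       ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
6       y = yaml.load(ystr)
7       yaml.dump(y)
</pre></div></div></div>
<div id="issue-1"><div class="issue-block issue-sev-high">
<b>subprocess_popen_with_shell_equals_true: </b> subprocess call with shell=True identified.<br>
<b>Test ID:</b> B602<br><b>Severity: </b>HIGH<br><b>Confidence: </b>HIGH<br>
<b>CWE: </b>CWE-78<br><b>File: </b><a href="app/runner.py">app/runner.py</a> <br>
<div class="code"><pre>
12      subprocess.Popen(cmd, shell=True)
</pre></div></div></div>
</div></body></html>
"""


@dataclass
class Issue:
    severity: str                               # from the issue-sev-* class
    fields: dict = field(default_factory=dict)  # "Test ID" -> "B506", "File" -> ...
    code: str = ""                              # contents of the <pre> block


class BanditHtmlParser(HTMLParser):
    """Collects the metrics spans and every issue-block div of a report."""

    def __init__(self):
        super().__init__()
        self.metrics, self.issues = {}, []
        self._current = None    # Issue being filled; None outside an issue block
        self._depth = 0         # <div> nesting depth inside the current block
        self._mode = None       # what the text buffer is collecting, if anything
        self._label, self._metric, self._buf = None, None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "span" and a.get("id") in ("loc", "nosec"):
            self._metric, self._mode, self._buf = a["id"], "metric", []
        elif tag == "div":
            classes = (a.get("class") or "").split()
            if self._current is not None:       # nested div, e.g. class="code"
                self._flush_field()
                self._depth += 1
            elif "issue-block" in classes:      # start of a new finding
                sev = [c[len("issue-sev-"):] for c in classes if c.startswith("issue-sev-")]
                self._current = Issue(severity=(sev[0] if sev else "unknown").upper())
                self._depth = 1
        elif self._current is not None:
            if tag == "b":                      # <b>Label:</b> value<br>
                self._mode, self._buf = "label", []
            elif tag == "pre":
                self._flush_field()
                self._mode, self._buf = "pre", []
            elif tag == "br":
                self._flush_field()

    def handle_endtag(self, tag):
        text = "".join(self._buf)
        if tag == "span" and self._mode == "metric":
            self.metrics[self._metric] = int(text.strip())
            self._mode = None
        elif self._current is None:
            return
        elif tag == "b":                        # "Severity: " -> "Severity"
            self._label, self._mode, self._buf = text.strip().rstrip(":"), "value", []
        elif tag == "pre":
            self._current.code, self._mode = text.strip("\n"), None
        elif tag == "div":
            self._depth -= 1
            if self._depth == 0:                # the issue-block itself closed
                self._flush_field()
                self.issues.append(self._current)
                self._current = None

    def handle_data(self, data):
        if self._mode is not None:
            self._buf.append(data)

    def _flush_field(self):
        if self._mode == "value":               # collapse wrapped whitespace
            self._current.fields[self._label] = " ".join("".join(self._buf).split())
            self._mode, self._buf = None, []


def parse_report(html_text):
    parser = BanditHtmlParser()
    parser.feed(html_text)
    parser.close()
    return parser.metrics, parser.issues


def should_fail(issues, threshold="MEDIUM"):
    """CI gate: True when any finding is at or above the threshold severity."""
    return any(SEVERITY_RANK.get(i.severity, -1) >= SEVERITY_RANK[threshold] for i in issues)
```

The severity is read from the issue-sev-* class rather than the "Severity:" text so that the gate still works if the wording of a field changes; the two can be cross-checked against each other. Run parse_report on the text of a real report file and feed the issues to should_fail with the threshold your pipeline enforces.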
New in version 0.14.0.

Changed in version 1.5.0: New field more_info added to output

Changed in version 1.7.3: New field CWE added to output