HTML formatter
This formatter outputs the issues as a self-contained HTML page. The page opens with a metrics box (total lines of code and lines skipped via #nosec), followed by one block per issue whose background colour reflects its severity (issue-sev-high, issue-sev-medium, issue-sev-low). Each issue block lists the test name and description, Test ID, Severity, Confidence, CWE, File, a "More info" link to the plugin documentation, and the offending source lines.
Example:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Bandit Report</title>
<style>
html * {
  font-family: "Arial", sans-serif;
}
pre {
  font-family: "Monaco", monospace;
}
.bordered-box {
  border: 1px solid black;
}
.metrics-box {
  font-size: 1.1em;
  line-height: 130%;
}
.metrics-title {
  font-size: 1.5em;
  font-weight: 500;
  margin-bottom: .25em;
}
.issue-description {
  font-size: 1.3em;
  font-weight: 500;
}
.candidate-issues {
  margin-left: 2em;
  border-left: solid 1px LightGray;
  padding-left: 5%;
  margin-top: .2em;
  margin-bottom: .2em;
}
.issue-block {
  border: 1px solid LightGray;
  padding-left: .5em;
  padding-top: .5em;
  padding-bottom: .5em;
  margin-bottom: .5em;
}
.issue-sev-high {
  background-color: Pink;
}
.issue-sev-medium {
  background-color: NavajoWhite;
}
.issue-sev-low {
  background-color: LightCyan;
}
</style>
</head>
<body>
<div id="metrics">
  <div class="metrics-box bordered-box">
    <div class="metrics-title">
      Metrics:<br>
    </div>
    Total lines of code: <span id="loc">9</span><br>
    Total lines skipped (#nosec): <span id="nosec">0</span>
  </div>
</div>
<div id="results">
  <div id="issue-0">
    <div class="issue-block issue-sev-medium">
      <b>yaml_load: </b> Use of unsafe yaml load. Allows
      instantiation of arbitrary objects. Consider yaml.safe_load().<br>
      <b>Test ID:</b> B506<br>
      <b>Severity: </b>MEDIUM<br>
      <b>Confidence: </b>HIGH<br>
      <b>CWE: </b>CWE-20 (<br>
      <b>File: </b><a href="examples/"
      target="_blank">examples/</a> <br>
      <b>More info: </b><a href="
      plugins/yaml_load.html" target="_blank"></a>
      <div class="code">
        <pre>
5       ystr = yaml.dump({'a' : 1, 'b' : 2, 'c' : 3})
6       y = yaml.load(ystr)
7       yaml.dump(y)
        </pre>
      </div>
    </div>
  </div>
</div>
</body>
</html>
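The HTML report is meant for humans, but its structure is regular enough to consume from a pipeline: every finding is a div with the class issue-block plus an issue-sev-<level> class, its fields are <b>Label: </b>value runs separated by <br>, the flagged source sits in a <pre>, and the metrics live in spans with the ids loc and nosec. The following is an added example, not Bandit's own code: a standard-library parser for that layout and a severity gate on top of it. The report text embedded in it is constructed from the example above plus a made-up second (HIGH) finding; a real report is produced with bandit -r <path> -f html -o report.html. The gate also checks that each block's colour class agrees with its Severity field and rejects the whole report if they disagree, so an edited or differently laid-out report is not silently trusted.

```python
"""Parse a Bandit HTML report and gate a pipeline on it. Added example, not Bandit's
own code; it assumes only the report layout shown on this page."""
from html.parser import HTMLParser

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}
_BR = "\x00"  # sentinel recorded for each <br>; "Label: value" fields are split on it

# Constructed sample: the yaml_load finding from this page plus a made-up HIGH finding.
SAMPLE_REPORT = """<!DOCTYPE html><html><head><title>Bandit Report</title></head><body>
<div id="metrics"><div class="metrics-box bordered-box">
Total lines of code: <span id="loc">9</span><br>
Total lines skipped (#nosec): <span id="nosec">0</span></div></div>
<div id="results"><div id="issue-0"><div class="issue-block issue-sev-medium">
<b>yaml_load: </b> Use of unsafe yaml load. Allows
instantiation of arbitrary objects. Consider yaml.safe_load().<br>
<b>Test ID:</b> B506<br>
<b>Severity: </b>MEDIUM<br>
<b>Confidence: </b>HIGH<br>
<b>CWE: </b>CWE-20<br>
<b>File: </b><a href="examples/yaml_load.py" target="_blank">examples/yaml_load.py</a> <br>
<div class="code"><pre>
6       y = yaml.load(ystr)
</pre></div></div></div>
<div id="issue-1"><div class="issue-block issue-sev-high">
<b>hashlib: </b> Use of weak MD5 hash for security.<br>
<b>Test ID:</b> B324<br>
<b>Severity: </b>HIGH<br>
<b>Confidence: </b>HIGH<br>
<div class="code"><pre>
3       token = hashlib.md5(secret).hexdigest()
</pre></div></div></div></div></body></html>"""


class BanditHTMLReport(HTMLParser):
    def __init__(self):
        super().__init__()
        self.metrics, self.issues, self._cur = {}, [], None   # _cur: finding being read
        self._depth, self._in_pre, self._metric = 0, False, None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        classes = (attrs.get("class") or "").split()
        if tag == "span" and attrs.get("id") in ("loc", "nosec"):
            self._metric = attrs["id"]
        elif tag == "div" and "issue-block" in classes:        # start of one finding
            sev = [c[len("issue-sev-"):].upper() for c in classes if c.startswith("issue-sev-")]
            self._cur = {"severity_class": sev[0] if sev else None, "text": [], "code": []}
            self._depth = 1
        elif self._cur is not None:
            if tag == "div":
                self._depth += 1
            elif tag == "pre":
                self._in_pre = True
            elif tag == "br":
                self._cur["text"].append(_BR)

    def handle_endtag(self, tag):
        if tag == "span":
            self._metric = None
        elif self._cur is not None and tag == "pre":
            self._in_pre = False
        elif self._cur is not None and tag == "div":
            self._depth -= 1
            if self._depth == 0:                                # the finding's own </div>
                self.issues.append(self._finish(self._cur))
                self._cur = None

    def handle_data(self, data):
        if self._metric:
            self.metrics[self._metric] = int(data.strip())
        elif self._cur is not None:
            (self._cur["code"] if self._in_pre else self._cur["text"]).append(data)

    @staticmethod
    def _finish(raw):
        issue = {"severity_class": raw["severity_class"],
                 "code": [ln.strip() for ln in "".join(raw["code"]).splitlines() if ln.strip()]}
        fields = [f for f in (" ".join(s.split()) for s in "".join(raw["text"]).split(_BR)) if f]
        issue["test_name"], _, issue["description"] = (fields or [""])[0].partition(": ")
        for field in fields[1:]:                   # "Test ID: B506", "Severity: MEDIUM", ...
            label, _, value = field.partition(":")
            issue[label.strip().lower().replace(" ", "_")] = value.strip()
        return issue


def parse_report(html_text):
    parser = BanditHTMLReport()
    parser.feed(html_text)
    parser.close()
    return parser


def gate(html_text, fail_on="HIGH"):
    """Return (passed, offending). A colour class that disagrees with the Severity
    field means an edited or unexpected report, which is rejected outright."""
    issues = parse_report(html_text).issues
    if any(i.get("severity_class") != i.get("severity") for i in issues):
        return False, issues
    floor = SEVERITY_RANK[fail_on]
    offending = [i for i in issues if SEVERITY_RANK.get(i.get("severity"), 0) >= floor]
    return not offending, offending
```

gate(report_text, fail_on="HIGH") is the call a CI step would make after the bandit run; the parsed issues also carry the nosec count from the metrics box, which is worth tracking over time since a rising number of skipped lines is how findings quietly disappear from a report.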
Added in version 0.14.0.
Changed in version 1.5.0: New field more_info added to output
Changed in version 1.7.3: New field CWE added to output