-
0.16.0
Bandit 0.16.0
[New Features]
- Revamped baseline detection and reporting
[Enhancements]
- Added support for some Python 3 versions of blacklisted calls
- Improved appearance of HTML report
- Shell subprocess calls use same improved logic as shell=True calls
[Behind the Scenes]
- Fixed a bug in the shell injection test
- Fixed a bug in text formatter excluded files listing
- Fixed a bug when processing a tuple as a function parameter
- Added a new test case for a constructed subprocess call
-
0.15.1
Bandit 0.15.1
[Enhancements]
- Add missing HTTP verbs to request checks
- Making score output more useful in text/json formatters
[Behind the Scenes]
- Remove coverage files after run
- Fixing baseline functionality when using filters
- Fixing an error when specifying bad input files
-
0.15.0
Bandit 0.15.0
[New Features]
- new plugin that checks for Flask with debug=True
- "baseline" reporting
[Enhancements]
- plugin names now shown in reports
- metrics now shown in HTML report
- HTML report styling done with CSS
- changed oslo secret config option confidence
- distinguished levels of command injection findings
[Behind the Scenes]
- misc improvements
- refactored metrics code
[Documentation]
- added a few missing topics
- added links to relevant security development guidance
-
0.14.1
[New Features]
* Adding command line option to exclude paths
* Tweaks to #nosec (+ ignore flag, - dead constant)
* Add metrics to text and JSON output formatters
* Include context in debug output
* Tidy up plugin list in 'bandit -h' output
-
0.14.0
[New functionality]
* Add a new check for weak RSA and DSA key sizes
* Add known weak ciphers to blacklisted calls
* Check for insecure cipher modes
* Adding HTML formatter
* Add Bytes AST support
[Notable Improvements]
* Adding documentation for all current tests
* Making the /tmp file test more accurate
* Adding new improved hardcoded password tests
* Increasing unit test coverage
* Split each formatter into separate modules
* Refactored (removed) the old Result Store
* Adding test tool for checking OpenStack projects' Bandit job
* Introduce wildcards to blacklist_calls plugin
[Misc]
* Various cleanups in bandit.yaml
* Various performance improvements
* Various Py3 compatibility improvements
* Fixing various bugs
* Tidying up various things in the code base
* Removing (broken) argument printing
* Remove tox environment for pypy
* Skip '/tests/' by default
* Raise exceptions from BanditConfig rather than exit
* Better function to count lines in a file
-
debian/0.13.2-2
Debian release 0.13.2-2
-
0.13.2
Fixing an issue with finding config in virtualenv
-
0.13.1
More graceful handling of missing plugin config
-
0.13.0
Bandit Version 0.13.0 introduces the following improvements:
- Plugins now registered as entry points
- Improved Bandit run speed
- Added a confidence filter option
- Added timestamp to JSON report
- New plugin to detect Try, Except, Pass
- Improved detection for hardcoded /tmp plugin
- Produce universal wheel
- Created an example profile which lists all current plugins
- Updated readme and formatting
- Fixed a bug where correct error code was not sent when filtering results
- Fixed a bug in SQL injection plugin and improved detection
- Bundled wordlist for hardcoded password plugin
- Other enhancements, bug fixes, and improvements
-
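The checks listed in the releases above (the shell=True and shell-subprocess handling in 0.16.0 and 0.15.0, the Flask debug=True plugin and the graded command injection findings in 0.15.0, the weak RSA/DSA key size check in 0.14.0, and the Try/Except/Pass and hardcoded /tmp plugins in 0.13.0) all rest on the same mechanism: the file is parsed into a Python AST and each plugin inspects the call or statement nodes it cares about. The following is an added, self-contained illustration of that approach written for this page. It is not Bandit's plugin code; the check names, severity levels, the 2048-bit key threshold, the function name lists and the sample source are assumptions chosen for the example.

```python
import ast

# Assumed thresholds, function lists and severities; chosen for this illustration.
MIN_KEY_BITS = 2048
SUBPROCESS_FUNCS = {"subprocess.Popen", "subprocess.call", "subprocess.check_call",
                    "subprocess.check_output", "subprocess.run"}
SHELL_FUNCS = {"os.system", "os.popen"}  # these always hand the string to /bin/sh


def _kwarg(call, name):
    """Return the node passed as keyword argument `name`, or None."""
    for kw in call.keywords:
        if kw.arg == name:
            return kw.value
    return None


def _is_true(node):
    return isinstance(node, ast.Constant) and node.value is True


def _dotted(node):
    """Turn a Name/Attribute chain into 'subprocess.call'-style text, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


class Checker(ast.NodeVisitor):
    def __init__(self):
        self.findings = []  # (check, line, severity) tuples

    def visit_Call(self, node):
        name = _dotted(node.func) or ""
        # Flask: app.run(debug=True) exposes the interactive debugger.
        if name.endswith(".run") and _is_true(_kwarg(node, "debug")):
            self.findings.append(("flask_debug_true", node.lineno, "HIGH"))
        # Commands parsed by a shell: a literal command string is rated LOW, one
        # assembled at runtime may carry attacker-controlled data and is HIGH.
        uses_shell = name in SHELL_FUNCS or (
            name in SUBPROCESS_FUNCS and _is_true(_kwarg(node, "shell")))
        if uses_shell:
            cmd = node.args[0] if node.args else None
            literal = isinstance(cmd, ast.Constant) and isinstance(cmd.value, str)
            self.findings.append(("shell_injection", node.lineno, "LOW" if literal else "HIGH"))
        # RSA/DSA key generation (cryptography-style key_size=...) below the threshold.
        bits = _kwarg(node, "key_size") if name.endswith(".generate_private_key") else None
        if isinstance(bits, ast.Constant) and isinstance(bits.value, int) and bits.value < MIN_KEY_BITS:
            self.findings.append(("weak_key_size", node.lineno, "HIGH" if bits.value < 1024 else "MEDIUM"))
        self.generic_visit(node)

    def visit_Try(self, node):
        # An except clause whose only statement is `pass` silently swallows the error.
        for handler in node.handlers:
            if len(handler.body) == 1 and isinstance(handler.body[0], ast.Pass):
                self.findings.append(("try_except_pass", handler.lineno, "LOW"))
        self.generic_visit(node)

    def visit_Constant(self, node):
        # Hardcoded paths under the shared /tmp are exposed to symlink races.
        if isinstance(node.value, str) and node.value.startswith("/tmp"):
            self.findings.append(("hardcoded_tmp", node.lineno, "MEDIUM"))


def scan(source):
    """Parse `source` and return its (check, line, severity) findings ordered by line."""
    checker = Checker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings, key=lambda f: f[1])


# Constructed sample input for the example; not code from any real project.
SAMPLE = """\
import os, subprocess
from flask import Flask
from cryptography.hazmat.primitives.asymmetric import rsa

app = Flask(__name__)
key = rsa.generate_private_key(public_exponent=65537, key_size=1024)

def run(user_input):
    subprocess.call("ls -l " + user_input, shell=True)
    subprocess.call("ls -l", shell=True)
    subprocess.call(["ls", "-l", user_input])
    os.system("rm -rf " + user_input)
    try:
        open("/tmp/scratch").read()
    except Exception:
        pass

app.run(debug=True)
"""

if __name__ == "__main__":
    for check, line, severity in scan(SAMPLE):
        print(f"line {line:>2}: {check} [{severity}]")
```

Run directly, it prints one finding per flagged line of the constructed sample; note that the list-argument `subprocess.call` on the line between the two shell=True calls is not reported, since no shell parses it. Because `scan()` returns findings ordered by line, the output of a later run can be compared against a stored earlier one, which is the idea behind the baseline reporting added in 0.15.0 and reworked in 0.16.0: only findings absent from the stored set are new.
-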
debian/0.12.0-1
tagging package bandit version debian/0.12.0-1
-
0.12.0
Bandit 0.12.0
New since last version:
- Fixed multiline string line number reporting
- Stevedore based extension system
- New paramiko shell injection test
- Misc bug fixes
- Updated README file
- Added verbose output flag
- Added Python 3.4 compatibility
- Reported version of Python Bandit is using
- Added documentation for some plugins
- Added XML output support
-
0.11.0
0.11.0
- Fix config installation for bdist
- Add confidence metric
- Add xml plugin
- Add assert usage plugin
- Add csv output format
- Misc bug fixes
- Refactored some code
- Updated README
-
0.10.1
Bundle config with binary install
-
0.10.0
Initial PyPI release version