Installation · Motivations · Code Checks · Usage
Workflows · Integrations · Help & Community
Flask | Jinja | Django |
missing JWT token | href template variable | coming soon |
secure set cookie | missing noopener | |
send file open | missing noreferrer | Docker |
unescaped file extension | missing csrf protection | Hadolint |
use blueprint for modularity | missing doctype | |
use jsonify | meta charset | Shell |
avoid hardcoded config | meta content-type | ShellCheck |
unquoted attribute template variable | ||
Requests | ||
no auth over http | SQLAlchemy | |
use scheme | coming soon | |
use timeout |
bento check
may exit with the following exit codes:0
: Bento ran successfully and found no errors2
: Bento ran successfully and found issues in your code3
: Bento or one of its underlying tools failed to runautorun
behind the scenes. By default autorun
blocks the commit if Bento returns findings. To make it non-blocking:.bento/archive.json
). Use --all
to check all Git tracked files, not just those that are staged:--no-verify
flag to Git at commit-time (please use this sparingly since all hooks will be skipped):bento enable ci
in your project directory.This will add a CI configuration file to your repository.archive
feature allows historical issues to be tracked and ignored during CI.archive
feature so Bento returns a non-zero exit code only for new issues, rather than all existing issues, first create the archive:cat
to disable Bento's interactive tty features (e.g. progress bars, using a pager for many findings).bento check
will exit with a non-zero exit code if it finds issues in your code (see Exit Codes).Copyright (c) r2c.