Find Flask and Django bugs delightfully fast, without changing your workflow

Find bugs that matter

Checks find security and reliability bugs in your code. They’re vetted across thousands of open source projects and never nit your style.


Upgrade your tooling

You don’t have to fix existing bugs to adopt Bento. It’s diff-centric, finding new bugs introduced by your changes. And there’s zero config.


Go delightfully fast

Run Bento automatically locally or in CI. Either way, it runs offline and never sends your code anywhere.

You 💚 Flask and Django. So Do We.

Inspired by tools like the ESLint plugin for React, we created Bento for Flask and Django apps, and their related web libraries. Bento’s specialty checks focus on actual bugs, are stress-tested across thousands of projects, and never bother you with style nits.

Checks for Web Frameworks

Flask
  • missing JWT token
  • secure set cookie
  • send file open
  • unescaped file extension
  • use blueprint for modularity
  • use jsonify
  • avoid hardcoded config
Requests
  • no auth over http
  • use scheme
  • use timeout
Jinja
  • anchor
    • href template variable
    • missing noopener
    • missing noreferrer
  • form
    • missing csrf protection
  • missing doctype
  • meta charset
  • meta content-type
  • unquoted attribute template variable
Django
  • Avoid raw SQL queries
  • Avoid NULL for string fields
  • Set string field to avoid constraint violations
  • Use DecimalField for currency
  • Open redirect
  • Use JsonResponse
  • Use .count() instead of len()
SQLAlchemy
  • coming soon
Docker
  • Hadolint
Shell files
  • ShellCheck
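To make the check list above concrete, here is an added example (not Bento's code, and not its actual rules, which are not reproduced on this page) of how a few of the listed Flask and Requests checks can be approximated as AST-based checks: "use timeout", "no auth over http", "use scheme" and "secure set cookie". The sample Flask source it scans, the check names and the `Finding` type are all constructed for this illustration; the hardened variants sit beside the weak ones so the scan shows which lines a diff-centric tool would report.

```python
import ast
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample source (not from the page): a small Flask app with an
# outbound Requests call. Each weak pattern is followed by its hardened form.
SAMPLE_SOURCE = '''
import requests
from flask import Flask, make_response

app = Flask(__name__)

def fetch_profile(user_id, creds):
    # credentials sent over plain http, and no timeout: a stalled upstream hangs the worker
    return requests.get("http://api.example.invalid/users/%s" % user_id, auth=creds)

def fetch_profile_fixed(user_id, creds):
    return requests.get("https://api.example.invalid/users/%s" % user_id, auth=creds, timeout=5)

def ping():
    return requests.get("api.example.invalid/health", timeout=5)  # no scheme: requests raises MissingSchema

@app.route("/login")
def login():
    resp = make_response("ok")
    resp.set_cookie("session", "abc")
    resp.set_cookie("session", "abc", secure=True, httponly=True)
    return resp
'''

@dataclass
class Finding:
    check: str   # illustrative check id, modelled on the names in the list above
    line: int    # 1-based line in the scanned source

REQUESTS_METHODS = {"get", "post", "put", "delete", "patch", "head", "request"}

def _keyword_names(call: ast.Call) -> set:
    return {kw.arg for kw in call.keywords if kw.arg is not None}

def _url_literal(call: ast.Call) -> Optional[str]:
    """Return the first positional argument if it is (or starts with) a string literal."""
    if not call.args:
        return None
    node = call.args[0]
    # "http://host/%s" % x parses as BinOp; the URL prefix is its left-most operand
    while isinstance(node, ast.BinOp):
        node = node.left
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None

def run_checks(source: str) -> List[Finding]:
    """Walk every call of the form <name>.<attr>(...) and apply the four checks."""
    findings: List[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Attribute):
            continue
        attr = node.func.attr
        kws = _keyword_names(node)
        receiver = node.func.value
        is_requests = isinstance(receiver, ast.Name) and receiver.id == "requests"
        if is_requests and attr in REQUESTS_METHODS:
            url = _url_literal(node)
            if "timeout" not in kws:
                findings.append(Finding("requests.use-timeout", node.lineno))
            if url is not None and "://" not in url:
                findings.append(Finding("requests.use-scheme", node.lineno))
            if url is not None and url.startswith("http://") and "auth" in kws:
                findings.append(Finding("requests.no-auth-over-http", node.lineno))
        elif attr == "set_cookie" and ("secure" not in kws or "httponly" not in kws):
            findings.append(Finding("flask.secure-set-cookie", node.lineno))
    return sorted(findings, key=lambda f: (f.line, f.check))

if __name__ == "__main__":
    for f in run_checks(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.check}")
```

Only the unfixed lines produce findings; the `_fixed` call and the second `set_cookie` pass, which is the behaviour a diff-centric tool relies on so that a developer's fix in the same commit clears the report.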

Your Code, Your Workflow

We understand the importance of getting out of the way so you can write great code. Bento runs on your diffs, giving you meaningful feedback right when you commit code, not hours or days later.
  1. Write and commit code
  2. Bento checks and notifies you of any findings
  3. Review, fix, or skip issues

And all analysis runs on your machine — your code isn’t sent anywhere. Bento collects usage data to help improve its underlying tools and user experience. Learn more in the Bento privacy policy.

The Bento Team

r2c, the team behind Bento

We’re r2c, a small San Francisco startup passionate about improving software security and reliability.
Our team has come from many different technical backgrounds (Facebook, Microsoft, Google, to name a few) working mostly in the security space. We make tools for developers, researchers, and white hats that simplify program analysis and make it accessible in the development workflow.
Visit r2c.dev to learn more about us!