Find Flask and Django bugs delightfully fast, without changing your workflow

Find bugs that matter

Checks find security and reliability bugs in your code. They’re vetted across thousands of open source projects and never nit your style.


Upgrade your tooling

You don’t have to fix existing bugs to adopt Bento. It’s diff-centric, finding new bugs introduced by your changes. And there’s zero config.


Go delightfully fast

Run Bento automatically, either locally or in CI. Either way, it runs offline and never sends your code anywhere.

You 💚 Flask and Django. So Do We.

Inspired by tools like the ESLint plugin for React, we created Bento for Flask and Django apps, and their related web libraries. Bento’s specialty checks focus on actual bugs, are stress-tested across thousands of projects, and never bother you with style nits.

Checks for Web Frameworks

  • missing JWT token
  • secure set cookie
  • send file open
  • unescaped file extension
  • use blueprint for modularity
  • use jsonify
  • avoid hardcoded config
  • no auth over http
  • use scheme
  • use timeout
  • anchor
    • href template variable
    • missing noopener
    • missing noreferrer
  • form
    • missing csrf protection
  • missing doctype
  • meta charset
  • meta content-type
  • unquoted attribute template variable
  • Avoid raw SQL queries
  • Avoid NULL for string fields
  • Set string field to avoid constraint violations
  • Use DecimalField for currency
  • Open redirect
  • Use JsonResponse
  • Use .count() instead of len()
  • coming soon
  • Hadolint
Shell files
  • ShellCheck

Your Code, Your Workflow

We understand the importance of getting out of the way so you can write great code. Bento runs on your diffs, giving you meaningful feedback right when you commit code, not hours or days later.

  • Write and commit code
  • Bento checks and notifies you of any findings
  • Review, fix, or skip issues

And all analysis runs on your machine — your code isn’t sent anywhere. Bento collects usage data to help improve its underlying tools and user experience. Learn more in the Bento privacy policy.

The Bento Team

r2c, the team behind Bento

We’re r2c, a small San Francisco startup passionate about improving software security and reliability.

Our team comes from many different technical backgrounds (Facebook, Microsoft, Google, to name a few), working mostly in the security space. We make tools for developers, researchers, and white hats that simplify program analysis and make it accessible in the development workflow.

Visit to learn more about us!