There are several issues open that suggest that it is unclear how Bandit is meant to be executed. In fact, there are no usage instructions at all in the Bandit docs.

Describe the solution you'd like

There should be simple, crisp, usage instructions in the Bandit docs, e.g.

Install Bandit:

pip install bandit

Run Bandit o

Environment

Cobra version: 2.0.0-alpha.5
Python version: 2.7.10
Operating system: Darwin-15.5.0-x86_64-i386-64bit
Command line: cobra.py -t tests/vulnerabilities/ -r CVI-167001.xml

Traceback

Traceback (most recent call last):
  File "/Users/Viarus/Documents/cobra/cobra/__init__.py", line 82, in main
    cli.start(args.target, args.format, args.output, args.special_rules, a_sid)
 

Add example usage logs to the documentation for all applicable modules.

During an application scan, we do check to see if there is a robots.txt file, though we don't parse this file, nor do we do anything else with it - other than letting the user know that it exists. What we should do is parse the file, and feed what we find into the URL list for the spider, so that we can make sure that we pick up any content that is included there, but not linked to from the port

The Readme documentation for openvas engine advise to use the docker image mikesplain/openvas but this version is old with gmpv7. Engine-openvas.py imports gvm.protocols.latest which works with the latest version of openvas (gvm11). I see two options:

• Point to the docker image securecompliance/gvm which provides a version 11. In this case you will have to modify the docker image to star