Introduction

Python Code Audit is a Static Application Security Testing (SAST) tool used to find security weaknesses in Python code.
Getting Started
In the Getting Started section you can find installation instructions and a high-level overview of the main concepts.
User Guide
Check out the User Guides for in-depth information on the key concepts of Python Code Audit.
API Reference
The API reference guide contains detailed information on all methods to create your own dashboards or extra functionality for your specific needs.
Contributor’s Guide
Want to improve the documentation? Missing a security validation? Found a bug? Improve existing functionalities? The contributing guidelines will guide you!
Python programs are not immune to cybersecurity threats.
Validating Python code for security weaknesses is essential, whether you are writing your own programs or relying on third-party applications.
Python Code Audit offers a powerful yet straightforward security solution:
Ease of Use: Simple to operate for quick audits.
Extensibility: Easy to customize and adapt for diverse use cases.
Impactful Analysis: Powerful detection of security weaknesses that have the potential to become critical vulnerabilities.
Enjoying Python Code Audit? Support us with a GitHub star! It’s a simple way to help others find us and contributes to a more secure Python ecosystem. ⭐️
Features
Python Code Audit has the following features:
Vulnerability Detection: Identifies potential security issues in Python files. Crucial for assessing how far a Python module can be trusted, and essential for security research.
Complexity & Statistics: Reports security-relevant complexity statistics using a fast, lightweight cyclomatic complexity count built on Python's Abstract Syntax Tree (AST) capabilities.
External Egress Detection: Identifies embedded API keys and logic that enables communication with remote services, helping uncover hidden data exfiltration paths.
Module Usage & External Vulnerabilities: Detects used modules and reports known vulnerabilities in used modules.
Inline Issue Reporting: Shows potential security issues with line numbers and crucial code snippets.
HTML Reports: All output is saved in simple, static HTML reports. Viewable in any browser.
Background
The availability of good, maintained FOSS SAST tools for Python is limited. While Bandit is a known tool, its usefulness is significantly limited: it struggles to identify a broad range of security weaknesses and fails to perform many crucial Python security validations. Additionally, its Command Line Interface (CLI) can present a steep learning curve for non-technical users. To keep up with current threats, you need a Python Application Security Testing tool that evolves to deliver deeper insights and high accuracy.
Note
This Python Code Audit tool is built to be fast, lightweight, and easy to use.
By default, the tool scans Python code against more than 83 rules to detect potential security vulnerabilities. These rules target unsafe constructs in the Python standard library that could pose a security risk.
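Both the AST-based cyclomatic complexity count listed under Features and the rule-based scanning of unsafe standard-library constructs described in the note above rest on Python's ast module. The block below is an added illustration written for this page, not Python Code Audit's own code or rule set; the rule table, rule messages and the sample input are constructed for the example, and each finding carries the line number and source snippet in the spirit of the inline issue reporting feature.

```python
import ast

UNSAFE_CALLS = {  # constructed rule table: dotted call name -> rule message
    "eval": "eval() evaluates arbitrary expressions",
    "pickle.loads": "pickle.loads() can run code on untrusted input",
}
# Decision points for cyclomatic complexity (BoolOp is weighted separately).
BRANCH_NODES = (ast.If, ast.For, ast.While, ast.Try, ast.ExceptHandler, ast.With, ast.IfExp)

def dotted_name(node):  # 'pickle.loads' for a Name/Attribute chain, else None
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None

def scan(source):  # (line, rule, snippet) for each unsafe call, in source order
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            snippet = ast.get_source_segment(source, node)
            if name in UNSAFE_CALLS:
                findings.append((node.lineno, UNSAFE_CALLS[name], snippet))
            elif name and name.startswith("subprocess.") and any(  # literal shell=True
                    isinstance(kw.value, ast.Constant) and kw.value.value is True
                    for kw in node.keywords if kw.arg == "shell"):
                findings.append((node.lineno, "subprocess call with shell=True", snippet))
    return sorted(findings)

def cyclomatic_complexity(source):  # per function: 1 + decision points
    scores = {}
    for fn in ast.walk(ast.parse(source)):
        if isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            score = 1
            for n in ast.walk(fn):
                if isinstance(n, ast.BoolOp):  # 'a and b and c' adds 2
                    score += len(n.values) - 1
                elif isinstance(n, BRANCH_NODES):
                    score += 1
            scores[fn.name] = score
    return scores

SAMPLE = '''import pickle, subprocess  # constructed sample input
def load(blob, cmd):
    data = pickle.loads(blob)
    if data and cmd:
        subprocess.run(cmd, shell=True)
    return eval(data.get("expr", "0"))
'''
```

Running scan(SAMPLE) reports the pickle.loads, shell=True and eval calls on lines 3, 5 and 6, and cyclomatic_complexity(SAMPLE) scores load at 3 (one if plus one boolean operator).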