tonybaloney / pycharm-security

Finds security holes in your Python projects from PyCharm and GitHub
https://pycharm-security.readthedocs.io/en/latest/?badge=latest
MIT License
334 stars 21 forks source link
devsecops hacktoberfest-accepted security security-automation static-analysis vulnerability

PyCharm Python Security plugin

GitHub Actions Downloads Version codecov Documentation Status Docker Cloud Build Status

A plugin to run security checks for common flaws in Python code and suggest quick fixes.

Demo

Check out the webinar for a full demo of the functionality in this plugin:

IMAGE ALT TEXT HERE

Documentation

Documentation is available on pycharm-security.readthedocs.io, including examples and explanations for all the checks.

GitHub Action Documentation

Documentation for the GitHub action is on the documentation site.

Snyk Support

Plugin has support for snyk.io as the vulnerability database. Snyk offers an up to date and in-depth database of Python package issues. Your installed packages will be checked against a live database of PyPi issues (subscription required.)

Bundled SafetyDB

This plugin will check the installed packages in your Python projects against the SafetyDB and raise a warning for any vulnerabilities.

PyPi vulnerability API

This plugin will check the installed packages in your Python projects against the OSV database in PyPi and raise a warning for any vulnerabilities.

Current checks

See Supported Checks for a current list.

Current quick fixes

See Fixes for a current list.

Release History

See Release History for the release history.

Contributing

If you would like to alter or add new checks and fixes, see the Development page.

License

This project is MIT Licensed.

Credits

Credit to the PyUp.io team for the SafetyDB. This project uses SafetyDB to scan packages, SafetyDB is licensed under "Attribution-NonCommercial 4.0 International" license.