Skip to content

PyPI version

Security Checks

Bandit

Finds common security issues in Python code. For every single file, Bandit builds an AST, and runs plugins (i.e. tests) against the AST nodes. Bandit supports many plugins (i.e. tests) to detect various security issues.

Dependabot

GitHub's built-in feature to keep the supply chain secure. Dependabot monitors vulnerabilities in dependencies used in a project and keep the dependencies up-to-date.

CodeQL

Semantic code analysis engine by GitHub. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same. CodeQL is free for research and open source, and can be activated in the GitHub settings of a repository.

Gitleaks

Secret scanner for git repositories, available as GitHub action.

Pysa

Pysa is a feature of Facebook's type checker Pyre. It performs taint analysis to identify potential security issues. Tainted data is data that must be treated carefully. Pysa works by tracking flows of data from where they originate (sources) to where they terminate in a dangerous location (sinks). Example: User-controllable data that flows into an eval call leads to a remote code execution vulnerability.