
A modern Python security source code analyzer (SAST) based on distrust.

Project description

Codeaudit


Python Code Audit - A modern Python security source code analyzer based on distrust.

Python Code Audit is a static application security testing (SAST) tool designed to identify security weaknesses in Python source code. It combines powerful analysis features with an intuitive workflow, making essential security audits both simple and engaging.

This tool is designed for anyone who uses or creates Python programs and wants to understand and mitigate potential security risks.

This tool is created for:

  • Python Users who want to assess the security risks in the Python code they use.
  • Python Developers: Anyone, from professionals to hobbyists, who wants to deliver secure Python code.
  • Security-Conscious Users: People seeking a simple, fast way to gain insight into potential security vulnerabilities within Python packages or files.

Creating secure software can be challenging. This tool, with its comprehensive documentation, acts as your helpful security colleague, making it easier to identify and address vulnerabilities.

Features

Python Code Audit has the following features:

  • Vulnerability Detection: Identifies security vulnerabilities in Python files, essential for package security research.

  • Complexity & Statistics: Reports security-relevant complexity using a fast, lightweight cyclomatic complexity count via Python's AST.

  • Module Usage & External Vulnerabilities: Detects used modules and reports known vulnerabilities for used external modules.

  • Inline Issue Reporting: Shows potential security issues with line numbers and code snippets.

  • External Egress Detection: Identifies embedded API keys and logic that enables communication with remote services, helping uncover hidden data exfiltration paths.

  • CI/CD Ready: Integrates seamlessly into any CI/CD workflow.

  • HTML Reports: All output is saved in simple, static HTML reports viewable in any browser.

[!NOTE] Python Code Audit uses Python's Abstract Syntax Tree (AST) to get robust and reliable results. Working on the AST makes contextual vulnerability detection possible and keeps false positives to a minimum.
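To show what AST-based detection of the kind described above looks like in practice, here is an added example (not codeaudit's own code) that walks a constructed sample module, records which modules it imports and on which line, flags imports of modules that enable network egress (the `EGRESS_MODULES` set is an assumption for this example), and counts cyclomatic complexity per function:

```python
import ast

# Constructed sample input for this example: a small module to be scanned.
SAMPLE = '''
import os
import socket
from urllib import request as req

def fetch(url, retries):
    for i in range(retries):
        if i and url.startswith("https"):
            return req.urlopen(url)
        elif not url:
            break
    return None
'''

# Assumption for this example: top-level modules that allow talking to remote hosts.
EGRESS_MODULES = {"socket", "urllib", "http", "requests"}
# AST nodes that add a decision branch to the cyclomatic count.
BRANCH_NODES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp, ast.comprehension)

def imported_modules(tree):
    """Return {top-level module name: first line it is imported on}."""
    found = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module:
            names = [node.module]
        else:
            continue
        for name in names:
            found.setdefault(name.split(".")[0], node.lineno)
    return found

def cyclomatic_complexity(func):
    """1 + decision points (branches and extra boolean operands) in one function."""
    count = 1
    for node in ast.walk(func):
        if isinstance(node, BRANCH_NODES):
            count += 1
        elif isinstance(node, ast.BoolOp):
            count += len(node.values) - 1   # each extra operand is another path
    return count

def scan(source):
    """Parse source and report module usage, egress-capable imports and complexity."""
    tree = ast.parse(source)
    mods = imported_modules(tree)
    return {
        "modules": mods,
        "egress": {m: ln for m, ln in mods.items() if m in EGRESS_MODULES},
        "complexity": {f.name: cyclomatic_complexity(f)
                       for f in ast.walk(tree) if isinstance(f, ast.FunctionDef)},
    }
```

Because the findings carry `lineno` from the AST, a report can point at the exact line, which is what makes the inline issue reporting described above possible.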

Installation

[!TIP] Try it instantly—no installs, no setup, no excuses.

👉 Launch the browser version here

It runs 100% locally in your browser using WebAssembly (WASM). See the power of the tool in under 60 seconds. No downloads. No dependencies. Just click and do a security audit on Python Code.

Loved the browser version? Unlock the full power. For advanced security code inspections, CI/CD integration, and all professional features, install the complete Python package:

pip install -U codeaudit

If you have installed Python Code Audit previously and want to ensure you are using the latest validations and features, simply run this command again. Python Code Audit is frequently updated with new checks.

Usage

After installation you can get an overview of all implemented commands. Just type in your terminal:

codeaudit

This will show all commands:

----------------------------------------------------
 _                    __             _             
|_) \/_|_|_  _ __    /   _  _| _    |_|    _| o _|_
|   /  |_| |(_)| |   \__(_)(_|(/_   | ||_|(_| |  |_
----------------------------------------------------

Python Code Audit - A modern Python security source code analyzer based on distrust.


Commands to evaluate Python source code:
Usage: codeaudit COMMAND <directory|package>  [report.html] 

Depending on the command, you must specify a local directory, a Python file, or a package name hosted on PyPI.org.Reporting: The results are generated as a static HTML report for viewing in a web browser.

Commands:
  overview             Generates an overview report of code complexity and security indicators.
  filescan             Scans Python source code or PyPI packages for security weaknesses.
  modulescan           Generate a report on known vulnerabilities in Python modules and packages.
  checks               Creates an HTML report of all implemented security checks.
  version              Prints the module version. Or use codeaudit [-v] [--v] [-version] or [--version].

Use the Python Code Audit documentation (https://codeaudit.nocomplexity.com) to audit and secure your Python programmes. Explore further essential open-source security tools at https://simplifysecurity.nocomplexity.com/

Example

By running the codeaudit filescan command, detailed security information is determined for a Python file based on more than 80 implemented validations.

The codeaudit filescan command shows all potential security issues detected in the source file in an HTML report.

For each finding, the construct that can cause a security risk is shown per line, along with the relevant code lines where the issue is detected.

To scan a Python package on PyPI.org for possible security issues, run:

codeaudit filescan <package-name> [reportname.html]

=====================================================================
Codeaudit report file created!
Paste the line below directly into your browser bar:
	file:///home/usainbolt/tmp/codeaudit-report.html

=====================================================================

Example view of filescan report

Contributing

All contributions are welcome! Think of corrections to the documentation or code, or more and better tests.

Simple Guidelines:

  • For questions, feature requests and bug reports, please use the GitHub Issue Tracker.

Pull Requests are welcome!

When you contribute to Codeaudit, your contributions are made under the same license as the file you are working on.

[!NOTE] This is an open community driven project. Contributors will be mentioned in the documentation.

We adopt the Collective Code Construction Contract (C4) to streamline collaboration.

License

codeaudit is distributed under the terms of the GPL-3.0-or-later license.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

codeaudit-1.7.1.tar.gz (2.1 MB)

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

codeaudit-1.7.1-py3-none-any.whl (86.5 kB)

File details

Details for the file codeaudit-1.7.1.tar.gz.

File metadata

  • Download URL: codeaudit-1.7.1.tar.gz
  • Size: 2.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: Hatch/1.16.5 cpython/3.14.6 HTTPX/0.28.1

File hashes

Hashes for codeaudit-1.7.1.tar.gz
Algorithm Hash digest
SHA256 45c8427cb11a221c07e25d49a77c74c4a27c809d4b8a6e25aa1d01109ed5a0e5
MD5 854f413ddc599b7bf3f149f79c877201
BLAKE2b-256 fa09d0a82590cf5d94e0daa2a13d1dfd31e42fe08fea2d8de4c12fbcedbcd17a

See more details on using hashes here.

File details

Details for the file codeaudit-1.7.1-py3-none-any.whl.

File metadata

  • Download URL: codeaudit-1.7.1-py3-none-any.whl
  • Size: 86.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: Hatch/1.16.5 cpython/3.14.6 HTTPX/0.28.1

File hashes

Hashes for codeaudit-1.7.1-py3-none-any.whl
Algorithm Hash digest
SHA256 fa617ca6c1e90b1b48b56b648ec8c0a2daddc0072d7bac4740a2afde9498c1cf
MD5 f8904d5f9575d1be66ff03547b23950a
BLAKE2b-256 5ff4b7bd8b84c1758e0aac0693d6e8568f9bab88cc97f3a0bb4f29e4ac997872

See more details on using hashes here.
