Skip to main content

CI-native network egress auditing via strace

Project description

netaudit

CI PyPI Python License: Apache 2.0

CI-native network egress auditing via strace. Wrap any process or test suite, declare what connections are allowed, get pass/fail — no raw strace noise.

Install

pip install netaudit

Requires strace (Linux only):

sudo apt-get install strace   # Debian/Ubuntu
sudo dnf install strace       # RHEL/Fedora

Or use the Docker image — strace is pre-installed.

Quick start

  1. Create netaudit.yaml in your project root:
version: 1
allowlist:
  - name: "Internal API"
    family: AF_INET
    addr: 10.0.0.1
    port: 8080
  1. Run:
# Trace any command and fail on unexpected connections
netaudit run -- pytest
netaudit run -- curl https://example.com
netaudit run -- ./my-service --port 8080

# Show all network calls annotated with the matching rule name
# Everything after -- is the wrapped command
netaudit run --verbose -- pytest tests/

# Offline analysis of an existing strace log
netaudit analyze /tmp/trace.log

# Machine-readable output for CI artifacts
netaudit run --format json -- make test

Exit codes: 0 clean · 1 violations · 2 strace not found

pytest plugin

Enable automatic auditing of your test suite without changing any test code:

# pyproject.toml
[tool.netaudit]
enabled = true
allowlist = "netaudit.yaml"
pytest --netaudit                # fail session on violations
pytest --netaudit --netaudit-verbose  # show every connection per test

Violations are attributed to the individual test that triggered them.

Docker

No local strace install needed:

docker pull ghcr.io/cybersecauto-labs/netaudit:latest

docker run --rm --cap-add SYS_PTRACE \
  -v "$(pwd)/netaudit.yaml:/netaudit.yaml" \
  ghcr.io/cybersecauto-labs/netaudit \
  run --allowlist /netaudit.yaml -- curl https://example.com

Documentation

Full docs at netaudit.readthedocs.io:

How it works

netaudit run spawns your command under strace -e trace=connect -f -tt, parses every connect() syscall, and checks each against your allowlist. Built-in rules automatically permit loopback, Unix sockets, and AF_NETLINK — you only need to list external destinations.

Development

python3.11 -m venv .venv
.venv/bin/pip install -e ".[dev]"
.venv/bin/pytest

See Contributing for the full guide.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

netaudit-0.4.1.tar.gz (37.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

netaudit-0.4.1-py3-none-any.whl (23.4 kB view details)

Uploaded Python 3

File details

Details for the file netaudit-0.4.1.tar.gz.

File metadata

  • Download URL: netaudit-0.4.1.tar.gz
  • Upload date:
  • Size: 37.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for netaudit-0.4.1.tar.gz
Algorithm Hash digest
SHA256 67f568920cbbfcdb51a4ecf923be67217aec0327ecf3634ea239a32acf559d3f
MD5 0816b25be3ccd4ecb9619967cc576d54
BLAKE2b-256 1702843c25d5dad78a9a6cba11c7ab56ff17198900f20420db77d6ca7111ccd2

See more details on using hashes here.

Provenance

The following attestation bundles were made for netaudit-0.4.1.tar.gz:

Publisher: release.yml on CyberSecAuto-Labs/netaudit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file netaudit-0.4.1-py3-none-any.whl.

File metadata

  • Download URL: netaudit-0.4.1-py3-none-any.whl
  • Upload date:
  • Size: 23.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for netaudit-0.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 3c69f4eb86d3b2c8c9682d9a39b06246278775b2fcbcc969730dca2182ecb6ad
MD5 d3dde89fd7af63c7b58738c65e2ae30a
BLAKE2b-256 640f6801a4a0768f5292386d3b8f581a04397e80d18274b8057d80695ef90765

See more details on using hashes here.

Provenance

The following attestation bundles were made for netaudit-0.4.1-py3-none-any.whl:

Publisher: release.yml on CyberSecAuto-Labs/netaudit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page