CI-native network egress auditing via strace
Project description
netaudit
CI-native network egress auditing via strace. Wrap any process or test suite, declare what connections are allowed, get pass/fail — no raw strace noise.
Install
pip install netaudit
Requires strace (Linux only):
sudo apt-get install strace # Debian/Ubuntu
sudo dnf install strace # RHEL/Fedora
Or use the Docker image — strace is pre-installed.
Quick start
- Create
netaudit.yamlin your project root:
version: 1
allowlist:
- name: "Internal API"
family: AF_INET
addr: 10.0.0.1
port: 8080
- Run:
# Trace any command and fail on unexpected connections
netaudit run -- pytest
netaudit run -- curl https://example.com
netaudit run -- ./my-service --port 8080
# Show all network calls annotated with the matching rule name
# Everything after -- is the wrapped command
netaudit run --verbose -- pytest tests/
# Offline analysis of an existing strace log
netaudit analyze /tmp/trace.log
# Machine-readable output for CI artifacts
netaudit run --format json -- make test
Exit codes: 0 clean · 1 violations · 2 strace not found
pytest plugin
Enable automatic auditing of your test suite without changing any test code:
# pyproject.toml
[tool.netaudit]
enabled = true
allowlist = "netaudit.yaml"
pytest --netaudit # fail session on violations
pytest --netaudit --netaudit-verbose # show every connection per test
Violations are attributed to the individual test that triggered them.
Docker
No local strace install needed:
docker pull ghcr.io/cybersecauto-labs/netaudit:latest
docker run --rm --cap-add SYS_PTRACE \
-v "$(pwd)/netaudit.yaml:/netaudit.yaml" \
ghcr.io/cybersecauto-labs/netaudit \
run --allowlist /netaudit.yaml -- curl https://example.com
Documentation
Full docs at netaudit.readthedocs.io:
How it works
netaudit run spawns your command under strace -e trace=connect -f -tt, parses every
connect() syscall, and checks each against your allowlist. Built-in rules automatically
permit loopback, Unix sockets, and AF_NETLINK — you only need to list external destinations.
Development
python3.11 -m venv .venv
.venv/bin/pip install -e ".[dev]"
.venv/bin/pytest
See Contributing for the full guide.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file netaudit-0.4.1.tar.gz.
File metadata
- Download URL: netaudit-0.4.1.tar.gz
- Upload date:
- Size: 37.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
67f568920cbbfcdb51a4ecf923be67217aec0327ecf3634ea239a32acf559d3f
|
|
| MD5 |
0816b25be3ccd4ecb9619967cc576d54
|
|
| BLAKE2b-256 |
1702843c25d5dad78a9a6cba11c7ab56ff17198900f20420db77d6ca7111ccd2
|
Provenance
The following attestation bundles were made for netaudit-0.4.1.tar.gz:
Publisher:
release.yml on CyberSecAuto-Labs/netaudit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
netaudit-0.4.1.tar.gz -
Subject digest:
67f568920cbbfcdb51a4ecf923be67217aec0327ecf3634ea239a32acf559d3f - Sigstore transparency entry: 1859436057
- Sigstore integration time:
-
Permalink:
CyberSecAuto-Labs/netaudit@6a91d30fa2d9bf45b56404e0e28b1b324aab0001 -
Branch / Tag:
refs/tags/v0.4.1 - Owner: https://github.com/CyberSecAuto-Labs
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@6a91d30fa2d9bf45b56404e0e28b1b324aab0001 -
Trigger Event:
release
-
Statement type:
File details
Details for the file netaudit-0.4.1-py3-none-any.whl.
File metadata
- Download URL: netaudit-0.4.1-py3-none-any.whl
- Upload date:
- Size: 23.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3c69f4eb86d3b2c8c9682d9a39b06246278775b2fcbcc969730dca2182ecb6ad
|
|
| MD5 |
d3dde89fd7af63c7b58738c65e2ae30a
|
|
| BLAKE2b-256 |
640f6801a4a0768f5292386d3b8f581a04397e80d18274b8057d80695ef90765
|
Provenance
The following attestation bundles were made for netaudit-0.4.1-py3-none-any.whl:
Publisher:
release.yml on CyberSecAuto-Labs/netaudit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
netaudit-0.4.1-py3-none-any.whl -
Subject digest:
3c69f4eb86d3b2c8c9682d9a39b06246278775b2fcbcc969730dca2182ecb6ad - Sigstore transparency entry: 1859436179
- Sigstore integration time:
-
Permalink:
CyberSecAuto-Labs/netaudit@6a91d30fa2d9bf45b56404e0e28b1b324aab0001 -
Branch / Tag:
refs/tags/v0.4.1 - Owner: https://github.com/CyberSecAuto-Labs
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@6a91d30fa2d9bf45b56404e0e28b1b324aab0001 -
Trigger Event:
release
-
Statement type: