Skip to main content

A powerful CLI tool to scan GitHub repositories for security patterns and vulnerabilities

Project description

📡 Scanipy

A powerful command-line tool to scan open source code-bases on GitHub for security patterns and vulnerabilities. Scanipy searches GitHub repositories for specific code patterns and optionally runs Semgrep or CodeQL analysis on discovered code.

Tests Coverage Python

🎯 Features

  • Smart Code Search: Search GitHub for specific code patterns across millions of repositories
  • Tiered Star Search: Prioritize popular, well-maintained repositories by searching in star tiers
  • Keyword Filtering: Filter results by keywords found in file contents
  • Semgrep Integration: Automatically clone and scan repositories with Semgrep
  • CodeQL Integration: Run CodeQL analysis for deep semantic security scanning
  • Custom Rules: Use built-in security rules or provide your own

⚡ Quick Start

# Clone and setup
git clone https://github.com/papadoxie/scanipy.git
cd scanipy
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt

# Set GitHub token
export GITHUB_TOKEN="your_token_here"

# Search for code patterns
python scanipy.py --query "extractall" --language python

# Run Semgrep analysis
python scanipy.py --query "extractall" --language python --run-semgrep

# Run CodeQL analysis
python scanipy.py --query "extractall" --language python --run-codeql

📚 Documentation

Full documentation is available in the docs/ directory:

Document Description
Installation Setup instructions and prerequisites
Usage Guide Basic and advanced usage
Semgrep Integration Running Semgrep security analysis
CodeQL Integration Running CodeQL semantic analysis
CLI Reference Complete command-line options
Examples Real-world usage examples
Development Contributing and development setup

Building the Docs

# Install MkDocs
pip install mkdocs mkdocs-material

# Serve locally
mkdocs serve

# Build static site
mkdocs build

🛠️ Development

# Setup development environment
make dev

# Run tests
make test

# Run all checks (lint, typecheck, test)
make check

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Make your changes and ensure tests pass (make check)
  4. Commit and push to your branch
  5. Open a Pull Request

See Development Guide for detailed instructions.

🙏 Acknowledgments


Made with ❤️ for the security research community

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

scanipy_cli-0.1.0.tar.gz (36.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

scanipy_cli-0.1.0-py3-none-any.whl (31.5 kB view details)

Uploaded Python 3

File details

Details for the file scanipy_cli-0.1.0.tar.gz.

File metadata

  • Download URL: scanipy_cli-0.1.0.tar.gz
  • Upload date:
  • Size: 36.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for scanipy_cli-0.1.0.tar.gz
Algorithm Hash digest
SHA256 f662efbb868276276911ef9b339be531212b94a2344679c259ca8379b7b19dfa
MD5 67e32d5b8392cc751f0ac7b4c0fd1fe6
BLAKE2b-256 d9042455972108d82a9807c3b8319bd5c7712bf2c7137561a5e9efb35e2b956b

See more details on using hashes here.

Provenance

The following attestation bundles were made for scanipy_cli-0.1.0.tar.gz:

Publisher: release.yml on papadoxie/scanipy

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file scanipy_cli-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: scanipy_cli-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 31.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for scanipy_cli-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 c76b22378747c7f0414695aa96f6ed43c8ce08555812ecb3e3fb84509dd9cddd
MD5 c674520d10ac56554056858c227722cb
BLAKE2b-256 750fa64cdcb5f43f5788de57303253ccbfe812817b56c3faca04497b2b1d57e3

See more details on using hashes here.

Provenance

The following attestation bundles were made for scanipy_cli-0.1.0-py3-none-any.whl:

Publisher: release.yml on papadoxie/scanipy

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page