A powerful CLI tool to scan GitHub repositories for security patterns and vulnerabilities
Project description
📡 Scanipy
A powerful command-line tool to scan open source code-bases on GitHub for security patterns and vulnerabilities. Scanipy searches GitHub repositories for specific code patterns and optionally runs Semgrep or CodeQL analysis on discovered code.
🎯 Features
- Smart Code Search: Search GitHub for specific code patterns across millions of repositories
- Tiered Star Search: Prioritize popular, well-maintained repositories by searching in star tiers
- Keyword Filtering: Filter results by keywords found in file contents
- Semgrep Integration: Automatically clone and scan repositories with Semgrep
- CodeQL Integration: Run CodeQL analysis for deep semantic security scanning
- Custom Rules: Use built-in security rules or provide your own
⚡ Quick Start
# Clone and setup
git clone https://github.com/papadoxie/scanipy.git
cd scanipy
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
# Set GitHub token
export GITHUB_TOKEN="your_token_here"
# Search for code patterns
python scanipy.py --query "extractall" --language python
# Run Semgrep analysis
python scanipy.py --query "extractall" --language python --run-semgrep
# Run CodeQL analysis
python scanipy.py --query "extractall" --language python --run-codeql
📚 Documentation
Full documentation is available in the docs/ directory:
| Document | Description |
|---|---|
| Installation | Setup instructions and prerequisites |
| Usage Guide | Basic and advanced usage |
| Semgrep Integration | Running Semgrep security analysis |
| CodeQL Integration | Running CodeQL semantic analysis |
| CLI Reference | Complete command-line options |
| Examples | Real-world usage examples |
| Development | Contributing and development setup |
Building the Docs
# Install MkDocs
pip install mkdocs mkdocs-material
# Serve locally
mkdocs serve
# Build static site
mkdocs build
🛠️ Development
# Setup development environment
make dev
# Run tests
make test
# Run all checks (lint, typecheck, test)
make check
🤝 Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes and ensure tests pass (
make check) - Commit and push to your branch
- Open a Pull Request
See Development Guide for detailed instructions.
🙏 Acknowledgments
- GitHub API for code search capabilities
- Semgrep for static analysis
- CodeQL for semantic analysis
Made with ❤️ for the security research community
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file scanipy_cli-0.1.0.tar.gz.
File metadata
- Download URL: scanipy_cli-0.1.0.tar.gz
- Upload date:
- Size: 36.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f662efbb868276276911ef9b339be531212b94a2344679c259ca8379b7b19dfa
|
|
| MD5 |
67e32d5b8392cc751f0ac7b4c0fd1fe6
|
|
| BLAKE2b-256 |
d9042455972108d82a9807c3b8319bd5c7712bf2c7137561a5e9efb35e2b956b
|
Provenance
The following attestation bundles were made for scanipy_cli-0.1.0.tar.gz:
Publisher:
release.yml on papadoxie/scanipy
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
scanipy_cli-0.1.0.tar.gz -
Subject digest:
f662efbb868276276911ef9b339be531212b94a2344679c259ca8379b7b19dfa - Sigstore transparency entry: 781167359
- Sigstore integration time:
-
Permalink:
papadoxie/scanipy@53f24fb79c0999818ad32fc096f2c5e9cbe6f64a -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/papadoxie
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@53f24fb79c0999818ad32fc096f2c5e9cbe6f64a -
Trigger Event:
push
-
Statement type:
File details
Details for the file scanipy_cli-0.1.0-py3-none-any.whl.
File metadata
- Download URL: scanipy_cli-0.1.0-py3-none-any.whl
- Upload date:
- Size: 31.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c76b22378747c7f0414695aa96f6ed43c8ce08555812ecb3e3fb84509dd9cddd
|
|
| MD5 |
c674520d10ac56554056858c227722cb
|
|
| BLAKE2b-256 |
750fa64cdcb5f43f5788de57303253ccbfe812817b56c3faca04497b2b1d57e3
|
Provenance
The following attestation bundles were made for scanipy_cli-0.1.0-py3-none-any.whl:
Publisher:
release.yml on papadoxie/scanipy
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
scanipy_cli-0.1.0-py3-none-any.whl -
Subject digest:
c76b22378747c7f0414695aa96f6ed43c8ce08555812ecb3e3fb84509dd9cddd - Sigstore transparency entry: 781167368
- Sigstore integration time:
-
Permalink:
papadoxie/scanipy@53f24fb79c0999818ad32fc096f2c5e9cbe6f64a -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/papadoxie
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@53f24fb79c0999818ad32fc096f2c5e9cbe6f64a -
Trigger Event:
push
-
Statement type: