
Unified security scanning by orchestrating bandit, shellcheck, pip-audit, and GitHub alerts

Project description

scitex-audit


Unified security scanning: bandit + shellcheck + pip-audit + GitHub advisories in one report.

Full Documentation · uv pip install scitex-audit[all]



Problem and Solution

Problem 1: Security scanning requires 4 tools run separately. bandit (py) + shellcheck (sh) + pip-audit (deps) + GH Advisories, each with a different output format.
Solution 1: "scitex-audit ." runs all four and merges findings into one JSON report; ideal for CI pre-release gates.

Installation

pip install scitex-audit
# With all scanner backends:
pip install scitex-audit[all]

Architecture

src/scitex_audit/
├── _runner.py        # orchestrates checks, aggregates results
├── _bandit.py        # Python security scanner (bandit)
├── _pip_audit.py     # dependency CVE scanner (pip-audit)
├── _shellcheck.py    # shell script linter (shellcheck)
├── _format.py        # human + JSON output formatting
├── _github.py        # GitHub Actions annotation emitter
└── _skills/          # SciTeX skills metadata

Demo

flowchart LR
    Repo[(repo)] --> Runner[scitex_audit.audit]
    Runner --> B[bandit - Python]
    Runner --> P[pip-audit - deps]
    Runner --> S[shellcheck - shell]
    B & P & S --> Fmt[_format] --> Out[CLI / JSON / GitHub annotations]
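
The merge step in the flow above, as an added example that is not scitex-audit's own code: it normalizes constructed sample output in the JSON formats of bandit, shellcheck and pip-audit into one findings list and derives a CI gate exit code. The unified field names, the severity mapping and the `fail_at` threshold are assumptions made for illustration.

```python
import json

# Constructed sample outputs in each tool's JSON format
# (bandit -f json, shellcheck -f json, pip-audit -f json).
BANDIT = '{"results": [{"filename": "app/run.py", "line_number": 12, "issue_severity": "HIGH", "test_id": "B602", "issue_text": "subprocess call with shell=True identified"}]}'
SHELLCHECK = '[{"file": "deploy.sh", "line": 4, "level": "info", "code": 2086, "message": "Double quote to prevent globbing and word splitting."}]'
PIP_AUDIT = '{"dependencies": [{"name": "examplepkg", "version": "1.0.0", "vulns": [{"id": "EXAMPLE-VULN-0001", "fix_versions": ["1.0.1"]}]}, {"name": "cleanpkg", "version": "2.0", "vulns": []}]}'

RANK = {"low": 1, "medium": 2, "high": 3}
# Assumed mapping of shellcheck levels onto the shared scale.
SHELL_LEVEL = {"error": "high", "warning": "medium", "info": "low", "style": "low"}

def finding(tool, rule, severity, location, message):
    """Unified record shape (hypothetical field names)."""
    return {"tool": tool, "rule": rule, "severity": severity,
            "location": location, "message": message}

def from_bandit(raw):
    return [finding("bandit", r["test_id"], r["issue_severity"].lower(),
                    f'{r["filename"]}:{r["line_number"]}', r["issue_text"])
            for r in json.loads(raw).get("results", [])]

def from_shellcheck(raw):
    return [finding("shellcheck", f'SC{c["code"]}', SHELL_LEVEL.get(c["level"], "low"),
                    f'{c["file"]}:{c["line"]}', c["message"])
            for c in json.loads(raw)]

def from_pip_audit(raw):
    # pip-audit's JSON carries no severity field; "high" is an assumption here.
    # Skipped dependencies have no "vulns" key, hence the .get().
    return [finding("pip-audit", v["id"], "high", f'{d["name"]}=={d["version"]}',
                    "fix: " + (", ".join(v.get("fix_versions", [])) or "none listed"))
            for d in json.loads(raw).get("dependencies", [])
            for v in d.get("vulns", [])]

def merge(bandit=BANDIT, shellcheck=SHELLCHECK, pip_audit=PIP_AUDIT):
    """One list, most severe first; unknown severities sort last."""
    found = from_bandit(bandit) + from_shellcheck(shellcheck) + from_pip_audit(pip_audit)
    return sorted(found, key=lambda f: -RANK.get(f["severity"], 0))

def gate(findings, fail_at="medium"):
    """Return a CI exit code: 1 if any finding is at or above fail_at."""
    return int(any(RANK.get(f["severity"], 0) >= RANK[fail_at] for f in findings))

if __name__ == "__main__":
    report = merge()
    print(json.dumps(report, indent=2))
    raise SystemExit(gate(report))
```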

Quick Start

from scitex_audit import audit

results = audit(".")
results = audit(".", checks=["python", "shell"])

2 Interfaces

Python API

from scitex_audit import audit

# Run all enabled scanners and merge results.
results = audit(".")

# Run only specific scanners.
results = audit(".", checks=["python", "shell"])

CLI

scitex-audit .                          # all scanners
scitex-audit . --checks python,shell    # subset
scitex-audit . --json                   # machine-readable

Part of SciTeX

scitex-audit is part of SciTeX. Install via the umbrella with pip install scitex[audit] to use as scitex.audit (Python) or scitex audit ... (CLI).

Four Freedoms for Research

  1. The freedom to run your research anywhere — your machine, your terms.
  2. The freedom to study how every step works — from raw data to final manuscript.
  3. The freedom to redistribute your workflows, not just your papers.
  4. The freedom to modify any module and share improvements with the community.

AGPL-3.0 — because we believe research infrastructure deserves the same freedoms as the software it runs on.

License

AGPL-3.0 — see LICENSE for details.




Download files


Source Distribution

scitex_audit-0.1.7.tar.gz (8.8 MB view details)

Uploaded Source

Built Distribution


scitex_audit-0.1.7-py3-none-any.whl (8.4 MB view details)

Uploaded Python 3

File details

Details for the file scitex_audit-0.1.7.tar.gz.

File metadata

  • Download URL: scitex_audit-0.1.7.tar.gz
  • Upload date:
  • Size: 8.8 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for scitex_audit-0.1.7.tar.gz
Algorithm Hash digest
SHA256 d1cd0b42ca374f11698858140101ba982d1a839d9c810da4296b5c03eff43364
MD5 6dd0fd5cd1371718b5ed3a048e7c4149
BLAKE2b-256 b2e29a4a459f32430e93398a52e26d26dd14cfbacb28b7f3300b72317bcc3a7f


Provenance

The following attestation bundles were made for scitex_audit-0.1.7.tar.gz:

Publisher: pypi-publish-and-github-release-on-tag.yml on ywatanabe1989/scitex-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file scitex_audit-0.1.7-py3-none-any.whl.

File metadata

  • Download URL: scitex_audit-0.1.7-py3-none-any.whl
  • Upload date:
  • Size: 8.4 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for scitex_audit-0.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 48b2d81103a276f8e5905757177ace64dd538acc092962257a47d3ded031d1c5
MD5 20b016ba53dda5a37738ee4266ef55dc
BLAKE2b-256 913d57cf7b071d11f16876554b7326d7e4ebf759eed487b292a3db272cb337cd


Provenance

The following attestation bundles were made for scitex_audit-0.1.7-py3-none-any.whl:

Publisher: pypi-publish-and-github-release-on-tag.yml on ywatanabe1989/scitex-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
