Unified security scanning by orchestrating bandit, shellcheck, pip-audit, and GitHub alerts

Project description

scitex-audit

Unified security scanning: bandit + shellcheck + pip-audit + GitHub advisories in one report.

Full Documentation · uv pip install scitex-audit[all]


Problem and Solution

1. Problem: Security scanning requires 4 tools run separately: bandit (py) + shellcheck (sh) + pip-audit (deps) + GH Advisories, each with a different output format.
   Solution: scitex-audit . runs all four and merges findings into one JSON report; ideal for CI pre-release gates.

Installation

pip install scitex-audit
# With all scanner backends:
pip install scitex-audit[all]

Architecture

src/scitex_audit/
├── _runner.py        # orchestrates checks, aggregates results
├── _bandit.py        # Python security scanner (bandit)
├── _pip_audit.py     # dependency CVE scanner (pip-audit)
├── _shellcheck.py    # shell script linter (shellcheck)
├── _format.py        # human + JSON output formatting
├── _github.py        # GitHub Actions annotation emitter
└── _skills/          # SciTeX skills metadata

Demo

flowchart LR
    Repo[(repo)] --> Runner[scitex_audit.audit]
    Runner --> B[bandit - Python]
    Runner --> P[pip-audit - deps]
    Runner --> S[shellcheck - shell]
    B & P & S --> Fmt[_format] --> Out[CLI / JSON / GitHub annotations]
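
The merge step in the flowchart above, sketched as an added example (not scitex-audit's own code; its report schema is not shown on this page). The input field names follow the JSON that `bandit -f json`, `shellcheck -f json` and `pip-audit -f json` emit; the unified schema, the severity mapping and the names `normalize` and `gate` are assumptions.

```python
import json

# Constructed sample outputs in each tool's JSON shape (trimmed to the fields used).
BANDIT = json.loads('''{"results": [{"filename": "app/run.py", "line_number": 12,
  "issue_severity": "HIGH", "test_id": "B602",
  "issue_text": "subprocess call with shell=True identified, security issue."}]}''')
SHELLCHECK = json.loads('''[{"file": "deploy.sh", "line": 7, "level": "warning", "code": 2086,
  "message": "Double quote to prevent globbing and word splitting."}]''')
PIP_AUDIT = json.loads('''{"dependencies": [
  {"name": "examplepkg-a", "version": "2.0.0", "vulns": []},
  {"name": "examplepkg-b", "version": "1.0.0",
   "vulns": [{"id": "PYSEC-0000-0000", "fix_versions": ["1.0.1"], "description": "constructed"}]}]}''')

ORDER = {"low": 0, "medium": 1, "high": 2}
SHELL_LEVEL = {"style": "low", "info": "low", "warning": "medium", "error": "high"}


def normalize(bandit, shellcheck, pip_audit):
    """Map three tool-specific reports onto one finding schema, worst first."""
    out = []
    for r in bandit.get("results", []):
        out.append({"tool": "bandit", "id": r["test_id"], "severity": r["issue_severity"].lower(),
                    "location": f'{r["filename"]}:{r["line_number"]}', "message": r["issue_text"]})
    for r in shellcheck:
        out.append({"tool": "shellcheck", "id": f'SC{r["code"]}',
                    "severity": SHELL_LEVEL.get(r["level"], "low"),
                    "location": f'{r["file"]}:{r["line"]}', "message": r["message"]})
    for dep in pip_audit.get("dependencies", []):
        for v in dep.get("vulns", []):  # skipped dependencies carry no "vulns" key
            # pip-audit reports no severity; rating every advisory "high" is a policy assumption.
            out.append({"tool": "pip-audit", "id": v["id"], "severity": "high",
                        "location": f'{dep["name"]}=={dep["version"]}',
                        "message": f'fix versions: {", ".join(v["fix_versions"]) or "none"}'})
    return sorted(out, key=lambda f: -ORDER.get(f["severity"], 0))


def gate(findings, fail_at="high"):
    """Return a CI exit code: 1 if any finding is at or above the threshold."""
    return int(any(ORDER.get(f["severity"], 0) >= ORDER[fail_at] for f in findings))


if __name__ == "__main__":
    findings = normalize(BANDIT, SHELLCHECK, PIP_AUDIT)
    print(json.dumps(findings, indent=2))
    raise SystemExit(gate(findings))
```

Unknown severities (for example bandit's UNDEFINED) rank as low here, so a pre-release gate that must fail closed should raise the default rank instead.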

Quick Start

from scitex_audit import audit

results = audit(".")
results = audit(".", checks=["python", "shell"])

2 Interfaces

Python API

from scitex_audit import audit

# Run all enabled scanners and merge results.
results = audit(".")

# Run only specific scanners.
results = audit(".", checks=["python", "shell"])

CLI

scitex-audit .                          # all scanners
scitex-audit . --checks python,shell    # subset
scitex-audit . --json                   # machine-readable

Part of SciTeX

scitex-audit is part of SciTeX. Install via the umbrella with pip install scitex[audit] to use as scitex.audit (Python) or scitex audit ... (CLI).

Four Freedoms for Research

  1. The freedom to run your research anywhere — your machine, your terms.
  2. The freedom to study how every step works — from raw data to final manuscript.
  3. The freedom to redistribute your workflows, not just your papers.
  4. The freedom to modify any module and share improvements with the community.

AGPL-3.0 — because we believe research infrastructure deserves the same freedoms as the software it runs on.

License

AGPL-3.0 — see LICENSE for details.


Source Distribution

scitex_audit-0.1.6.tar.gz (8.8 MB view details)

Uploaded Source

Built Distribution

scitex_audit-0.1.6-py3-none-any.whl (8.4 MB view details)

Uploaded Python 3

File details

Details for the file scitex_audit-0.1.6.tar.gz.

File metadata

  • Download URL: scitex_audit-0.1.6.tar.gz
  • Upload date:
  • Size: 8.8 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for scitex_audit-0.1.6.tar.gz
Algorithm Hash digest
SHA256 3949d4624efe4839de691c82836da07bad2d0c5b41da417c7bb925b29f33e8a5
MD5 e36270640e1cc98d6ba4ee0c782e2adf
BLAKE2b-256 6adc0ec4f21a6b89ee4c3618f0675b1fa034c7703406a13651f9d0856eb00c0b

Provenance

The following attestation bundles were made for scitex_audit-0.1.6.tar.gz:

Publisher: pypi-publish-and-github-release-on-tag.yml on ywatanabe1989/scitex-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file scitex_audit-0.1.6-py3-none-any.whl.

File metadata

  • Download URL: scitex_audit-0.1.6-py3-none-any.whl
  • Upload date:
  • Size: 8.4 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for scitex_audit-0.1.6-py3-none-any.whl
Algorithm Hash digest
SHA256 7dd33963e1428a770b67f317078946274c975bebbc480ffa8c333fa66361ead7
MD5 4a88b2eac7af4e3973c3a131f7952d38
BLAKE2b-256 e8b734d7ecbbfdf72cf7ca24d95cc27657e65dd5a32ad8717c5f7538be84e611

Provenance

The following attestation bundles were made for scitex_audit-0.1.6-py3-none-any.whl:

Publisher: pypi-publish-and-github-release-on-tag.yml on ywatanabe1989/scitex-audit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
