SecurityScan 🔒
Comprehensive security analysis for Python projects with a single command
SecurityScan is a powerful Python security analysis tool that automatically detects vulnerabilities, hardcoded secrets, and security misconfigurations in your Python projects. Install it with pip and start scanning immediately - no configuration required!
🚀 Quick Start
```bash
# Install SecurityScan
pip install securityscan

# Scan your project
secscan .

# Scan with auto-fix for safe issues
secscan --fix .

# Generate HTML report
secscan --output html .
```
✨ Features
🔍 Comprehensive Security Scanning
- Dependency Vulnerabilities: Check against OSV, Safety DB, and PyUp.io
- Hardcoded Secrets: Detect API keys, passwords, tokens, and credentials
- SQL Injection: Find vulnerable SQL query patterns
- Code Injection: Detect dangerous functions like `eval()`, `exec()`
- Framework Security: Django, Flask, FastAPI specific checks
- Cryptography Issues: Weak algorithms, hardcoded salts
- Authentication Issues: Missing auth, weak passwords
- XSS Detection: Unescaped user input in templates
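As an added illustration of the code-injection and SQL-injection checks listed above (this is example code written for this page, not SecurityScan's own rule engine, whose internals the page does not show), the following Python uses the standard `ast` module to flag `eval()`/`exec()` calls and `execute()`/`executemany()` calls whose query argument is not a plain string literal. The sample module it scans is constructed here; the `Finding` type and rule names are assumptions for the example.

```python
"""Illustrative AST-based checks for two finding classes: dangerous
eval()/exec() calls and SQL queries assembled from non-constant strings.
This is an added example, not SecurityScan's own implementation."""
import ast
from dataclasses import dataclass

DANGEROUS_CALLS = {"eval", "exec"}
SQL_EXEC_METHODS = {"execute", "executemany"}


@dataclass
class Finding:
    rule: str
    severity: str
    line: int
    message: str


def _is_constant_string(node: ast.AST) -> bool:
    """True only for a string literal; f-strings, '+' concatenation and
    %-formatting produce other node types and therefore count as dynamic."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


class SecurityVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings = []

    def visit_Call(self, node: ast.Call) -> None:
        func = node.func
        # eval(...) / exec(...) called by bare name
        if isinstance(func, ast.Name) and func.id in DANGEROUS_CALLS:
            self.findings.append(Finding(
                "code-injection", "high", node.lineno,
                f"call to {func.id}() executes runtime-built code"))
        # cursor.execute(<query not given as a literal>)
        elif (isinstance(func, ast.Attribute) and func.attr in SQL_EXEC_METHODS
              and node.args and not _is_constant_string(node.args[0])):
            self.findings.append(Finding(
                "sql-injection", "high", node.lineno,
                f"{func.attr}() receives a query built at runtime; pass parameters instead"))
        self.generic_visit(node)  # keep walking into nested calls


def scan_source(source: str) -> list:
    """Parse one module and return its findings in source order."""
    visitor = SecurityVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


# Constructed sample module: one safe parameterised query, two unsafe queries, one eval().
SAMPLE = '''
import sqlite3
def lookup(conn, user):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))   # safe: parameterised
    cur.execute(f"SELECT * FROM users WHERE name = '{user}'")    # unsafe: f-string
    cur.execute("SELECT * FROM users WHERE name = '" + user + "'")  # unsafe: concatenation
    return eval(user)                                            # unsafe: eval
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"{f.severity.upper():5} line {f.line}: [{f.rule}] {f.message}")
```

Run stand-alone it reports lines 6, 7 and 8 of the sample and stays silent on the parameterised query at line 5. The literal-string test is deliberately strict: any query that is not a single constant is flagged, which is the trade-off a pattern-based scanner makes between false positives and missed injections.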
📊 Rich Reporting
- Terminal Output: Colored, interactive results with progress bars
- HTML Reports: Beautiful, interactive web reports
- JSON/SARIF: CI/CD integration ready
- Markdown: Documentation-friendly format
⚡ Smart Features
- Auto-detection: Automatically identifies project type and applies relevant rules
- Incremental Scanning: Only scan changed files for speed
- Parallel Processing: Fast scanning of large codebases
- Configuration Support: `.securityscan.yml` for team policies
🛠️ Installation
```bash
pip install securityscan
```
📖 Usage
Basic Commands
```bash
# Scan current directory
secscan .

# Scan specific directory
secscan /path/to/project

# Quick scan (critical issues only)
secscan --quick .

# Deep scan (comprehensive analysis)
secscan --deep .

# Auto-fix safe issues
secscan --fix .

# Generate different output formats
secscan --output html .
secscan --output json .
secscan --output sarif .
```
Advanced Options
```bash
# Custom configuration
secscan --config .securityscan.yml .

# Ignore specific files/patterns
secscan --ignore "tests/*,*.pyc" .

# Set severity threshold
secscan --severity high .

# Continuous monitoring
secscan --watch .

# Update vulnerability databases
secscan --update-db
```
📋 Configuration
Create a .securityscan.yml file in your project root:
```yaml
# SecurityScan Configuration
severity_threshold: medium
output_format: html

# Ignore patterns
ignore:
  - "tests/*"
  - "*.pyc"
  - "venv/*"

# Custom rules
rules:
  - id: custom-secret
    pattern: "SECRET_KEY.*=.*['\"](.*?)['\"]"
    severity: high
    message: "Custom secret pattern detected"

# Framework-specific settings
frameworks:
  django:
    check_debug: true
    check_csrf: true
  flask:
    check_debug: true
    check_secret_key: true
```
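To show how the `ignore` globs, the `severity_threshold` and a custom regex rule from the configuration above combine at scan time, here is an added example written for this page (not the project's own loader). The YAML is embedded as the dict that `yaml.safe_load` would return, so the example runs without PyYAML; the project files are constructed, and the low-severity `debug-flag` rule is an extra constructed rule added only to demonstrate threshold filtering.

```python
"""Added example: apply ignore globs, a severity threshold and custom regex
rules from a .securityscan.yml-style config to a set of files.  Illustrative
code, not SecurityScan's own implementation."""
import fnmatch
import re

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed: what yaml.safe_load would return for the README config, plus
# one extra low-severity rule ("debug-flag") to show the threshold at work.
CONFIG = {
    "severity_threshold": "medium",
    "ignore": ["tests/*", "*.pyc", "venv/*"],
    "rules": [
        {
            "id": "custom-secret",
            "pattern": r"SECRET_KEY.*=.*['\"](.*?)['\"]",
            "severity": "high",
            "message": "Custom secret pattern detected",
        },
        {
            "id": "debug-flag",
            "pattern": r"^DEBUG\s*=\s*True",
            "severity": "low",
            "message": "DEBUG enabled",
        },
    ],
}

# Constructed project files keyed by path; the tests/ file must be skipped.
FILES = {
    "app/settings.py": 'DEBUG = True\nSECRET_KEY = "django-insecure-example"\n',
    "tests/test_settings.py": 'SECRET_KEY = "test-only"\n',
    "app/views.py": "def index():\n    return 'ok'\n",
}


def is_ignored(path, patterns):
    """Shell-style glob match against every ignore pattern."""
    return any(fnmatch.fnmatch(path, p) for p in patterns)


def compile_rules(rules):
    """Compile each rule's pattern once; a bad regex fails here, not mid-scan."""
    return [(r["id"], re.compile(r["pattern"]), r["severity"], r["message"])
            for r in rules]


def scan_files(files, config):
    """Return (path, line, rule_id, severity, message) tuples that meet the threshold."""
    threshold = SEVERITY_ORDER[config.get("severity_threshold", "low")]
    rules = compile_rules(config.get("rules", []))
    ignore = config.get("ignore", [])
    findings = []
    for path, content in files.items():
        if is_ignored(path, ignore):
            continue
        for lineno, line in enumerate(content.splitlines(), start=1):
            for rule_id, regex, severity, message in rules:
                if regex.search(line) and SEVERITY_ORDER[severity] >= threshold:
                    findings.append((path, lineno, rule_id, severity, message))
    return findings


if __name__ == "__main__":
    for path, lineno, rule_id, severity, message in scan_files(FILES, CONFIG):
        print(f"{severity.upper():6} {path}:{lineno} [{rule_id}] {message}")
```

With the threshold at `medium` only the `SECRET_KEY` line in `app/settings.py` is reported; the `tests/` copy is skipped by the ignore glob and the `DEBUG = True` line is dropped as below threshold. Lowering `severity_threshold` to `low` surfaces the debug finding as well, which is the same effect the `--severity` flag has on the command line.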
🎯 Supported Frameworks
- Django: Debug mode, CSRF protection, security middleware
- Flask: Debug mode, secret keys, Jinja2 rendering
- FastAPI: Input validation, CORS, exposed endpoints
- Generic Python: All security patterns apply
🔧 CI/CD Integration
GitHub Actions
```yaml
name: Security Scan
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install SecurityScan
        run: pip install securityscan
      - name: Run Security Scan
        run: secscan --output sarif --fail-on high .
```
GitLab CI
```yaml
security_scan:
  stage: test
  script:
    - pip install securityscan
    - secscan --output sarif .
  artifacts:
    reports:
      codequality: security-report.sarif
```
📈 Security Score
SecurityScan calculates a security score (0-100) based on:
- Number and severity of vulnerabilities
- Security best practices implemented
- Framework-specific security measures
- Dependency health
Perfect scores get special congratulations! 🎉
🤝 Contributing
We welcome contributions! Please see our Contributing Guide for details.
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🆘 Support
👨💻 Author
SecurityScan is created by Sherin Joseph Roy, Co-Founder of DeepMost AI and creator of intelligent systems that bridge research and real-world safety.
- 🌐 GitHub: @Sherin-SEF-AI
- 💼 LinkedIn: sherin-roy-deepmost
- 📧 Email: sherin.joseph2217@gmail.com
Made with ❤️ by Sherin Joseph Roy
Download files
File details
Details for the file securityscan-1.0.0.tar.gz.
File metadata
- Download URL: securityscan-1.0.0.tar.gz
- Upload date:
- Size: 47.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 01d1741c618ec403c3d95a1d6a9c04be3f6d72f8a388f151686fc91bc6fc7d4a |
| MD5 | 5032de291d92db56c93f4f02c949521a |
| BLAKE2b-256 | d656fbe0b95d66e0fc12291c5e5a92fdcf5d603a98f5d9f4b7cae5ad41c4a49f |
File details
Details for the file securityscan-1.0.0-py3-none-any.whl.
File metadata
- Download URL: securityscan-1.0.0-py3-none-any.whl
- Upload date:
- Size: 57.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | fc7a79742e858e8e79e35449712d9fdf30710311d8533fc3665f2d6e55011e9a |
| MD5 | da95114dbd03fc2aeb2db823c7c2577b |
| BLAKE2b-256 | 5bfc69ecd7eafd6cbdbbdf685b31088c2b65e6b39ad77c41889bf36808e1ef94 |