{"id":18666661,"url":"https://github.com/fhpythonutils/simplesecurity","last_synced_at":"2025-04-11T23:33:00.491Z","repository":{"id":57407448,"uuid":"302444914","full_name":"FHPythonUtils/SimpleSecurity","owner":"FHPythonUtils","description":"Combine multiple popular python security tools and generate reports or output into different formats","archived":false,"fork":false,"pushed_at":"2024-12-01T16:41:16.000Z","size":172,"stargazers_count":11,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-25T19:53:15.597Z","etag":null,"topics":["bandit","dlint","dodgy","linting","python","python-security","safety","sarif","security-report","security-tools","semgrep","simplesecurity","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FHPythonUtils.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-08T19:41:52.000Z","updated_at":"2024-12-30T22:25:29.000Z","dependencies_parsed_at":"2024-01-07T22:40:38.586Z","dependency_job_id":null,"html_url":"https://github.com/FHPythonUtils/SimpleSecurity","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FHPythonUtils%2FSimpleSecurity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FHPythonUtils%2FSimpleSecurity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FHPythonUtils%2FSimpleSecurity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FHPythonUtils%2FSimpleSecurity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FHPythonUtils","download_url":"https://codeload.github.com/FHPythonUtils/SimpleSecurity/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248495749,"owners_count":21113691,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bandit","dlint","dodgy","linting","python","python-security","safety","sarif","security-report","security-tools","semgrep","simplesecurity","static-analysis"],"created_at":"2024-11-07T08:33:29.632Z","updated_at":"2025-04-11T23:32:59.260Z","avatar_url":"https://github.com/FHPythonUtils.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![GitHub top language](https://img.shields.io/github/languages/top/FHPythonUtils/SimpleSecurity.svg?style=for-the-badge\u0026cacheSeconds=28800)](../../)\n[![Issues](https://img.shields.io/github/issues/FHPythonUtils/SimpleSecurity.svg?style=for-the-badge\u0026cacheSeconds=28800)](../../issues)\n[![License](https://img.shields.io/github/license/FHPythonUtils/SimpleSecurity.svg?style=for-the-badge\u0026cacheSeconds=28800)](/LICENSE.md)\n[![Commit activity](https://img.shields.io/github/commit-activity/m/FHPythonUtils/SimpleSecurity.svg?style=for-the-badge\u0026cacheSeconds=28800)](../../commits/master)\n[![Last commit](https://img.shields.io/github/last-commit/FHPythonUtils/SimpleSecurity.svg?style=for-the-badge\u0026cacheSeconds=28800)](../../commits/master)\n[![PyPI Downloads](https://img.shields.io/pypi/dm/simplesecurity.svg?style=for-the-badge\u0026cacheSeconds=28800)](https://pypistats.org/packages/simplesecurity)\n[![PyPI Total Downloads](https://img.shields.io/badge/dynamic/json?style=for-the-badge\u0026label=total%20downloads\u0026query=%24.total_downloads\u0026url=https%3A%2F%2Fapi%2Epepy%2Etech%2Fapi%2Fv2%2Fprojects%2Fsimplesecurity)](https://pepy.tech/project/simplesecurity)\n[![PyPI Version](https://img.shields.io/pypi/v/simplesecurity.svg?style=for-the-badge\u0026cacheSeconds=28800)](https://pypi.org/project/simplesecurity)\n\n\u003c!-- omit in toc --\u003e\n# SimpleSecurity\n\n\u003cimg src=\"readme-assets/icons/name.png\" alt=\"Project Icon\" width=\"750\"\u003e\n\nCombine multiple popular python security tools and generate reports or output\ninto different formats\n\nPlugins (these require the plugin executable in the system path. e.g. bandit\nrequires bandit to be in the system path...)\n\n- bandit\n- safety\n- dodgy\n- dlint\n- semgrep\n\nFormats\n\n- ansi (for terminal)\n- json\n- markdown\n- csv\n- sarif\n\n## Example Use\n\nSee below for the output if you run `simplesecurity` in this directory\n\n\u003cimg src=\"readme-assets/screenshots/sec.svg\" width=\"500px\"\u003e\n\n### Help\n\n```bash\n$ simplesecurity --help\nusage: simplesecurity [-h] [--scan-dir SCAN_DIR] [--format FORMAT] [--plugin PLUGIN] [--file FILE] [--level LEVEL]\n                      [--confidence CONFIDENCE] [--no-colour] [--high-contrast] [--fast] [--zero]\n\nCombine multiple popular python security tools and generate reports or output\ninto different formats...\n\noptions:\n  -h, --help            show this help message and exit\n  --scan-dir SCAN_DIR, -s SCAN_DIR\n                        Pass a path to the scan directory (optional)\n  --format FORMAT, -f FORMAT\n                        Output format. One of ansi, json, markdown, csv. default=ansi\n  --plugin PLUGIN, -p PLUGIN\n                        Plugin to use. One of bandit, safety, dodgy, dlint, semgrep, all, default=all\n  --file FILE, -o FILE  Filename to write to (omit for stdout)\n  --level LEVEL, -l LEVEL\n                        Minimum severity/ level to show\n  --confidence CONFIDENCE, -c CONFIDENCE\n                        Minimum confidence to show\n  --no-colour, -z       No ANSI colours\n  --high-contrast, -Z   High contrast colours\n  --fast, --skip        Skip long running jobs. Will omit plugins with long run time (applies to -p all only)\n  --zero, -0            Return non zero exit code if any security vulnerabilities are found\n```\n\nYou can also import this into your own project and use any of the functions\nin the DOCS\n\n\u003c!-- omit in toc --\u003e\n## Table of Contents\n\n- [Example Use](#example-use)\n\t- [Help](#help)\n- [Developer Notes](#developer-notes)\n\t- [Generate semgrep\\_sec.yaml](#generate-semgrep_secyaml)\n- [Documentation](#documentation)\n- [Install With PIP](#install-with-pip)\n- [Language information](#language-information)\n\t- [Built for](#built-for)\n- [Install Python on Windows](#install-python-on-windows)\n\t- [Chocolatey](#chocolatey)\n\t- [Windows - Python.org](#windows---pythonorg)\n- [Install Python on Linux](#install-python-on-linux)\n\t- [Apt](#apt)\n\t- [Dnf](#dnf)\n- [Install Python on MacOS](#install-python-on-macos)\n\t- [Homebrew](#homebrew)\n\t- [MacOS - Python.org](#macos---pythonorg)\n- [How to run](#how-to-run)\n\t- [Windows](#windows)\n\t- [Linux/ MacOS](#linux-macos)\n- [Building](#building)\n- [Testing](#testing)\n- [Download Project](#download-project)\n\t- [Clone](#clone)\n\t\t- [Using The Command Line](#using-the-command-line)\n\t\t- [Using GitHub Desktop](#using-github-desktop)\n\t- [Download Zip File](#download-zip-file)\n- [Community Files](#community-files)\n\t- [Licence](#licence)\n\t- [Changelog](#changelog)\n\t- [Code of Conduct](#code-of-conduct)\n\t- [Contributing](#contributing)\n\t- [Security](#security)\n\t- [Support](#support)\n\t- [Rationale](#rationale)\n\n## Developer Notes\n\n### Generate semgrep_sec.yaml\n\n1. Clone https://github.com/returntocorp/semgrep-rules\n2. cd to `semgrep-rules/python`\n3. do\n\n   ```bash\n   cat **/security/**/*.yaml \u003e\u003e semgrep_sec.yaml\n   cat **/security/*.yaml \u003e\u003e semgrep_sec.yaml\n   ```\n\n4. Find and replace `rules:` with `` apart from the first instance\n5. Reformat with `ctrl+shift+i`\n6. replace simplesecurity/semgrep_sec.yaml with the new one\n\n## Documentation\n\nA high-level overview of how the documentation is organized organized will help you know\nwhere to look for certain things:\n\n\u003c!--\n- [Tutorials](/documentation/tutorials) take you by the hand through a series of steps to get\n  started using the software. Start here if you’re new.\n--\u003e\n- The [Technical Reference](/documentation/reference) documents APIs and other aspects of the\n  machinery. This documentation describes how to use the classes and functions at a lower level\n  and assume that you have a good high-level understanding of the software.\n\u003c!--\n- The [Help](/documentation/help) guide provides a starting point and outlines common issues that you\n  may have.\n--\u003e\n\n## Install With PIP\n\n**\"Slim\" Build:** Install bandit, dlint, dodgy, poetry, and safety with pipx\n\n```python\npip install simplesecurity\n```\n\n**Otherwise:**\n\n```python\npip install simplesecurity[full]\n```\n\nHead to https://pypi.org/project/SimpleSecurity/ for more info\n\n## Language information\n\n### Built for\n\nThis program has been written for Python versions 3.8 - 3.11 and has been tested with both 3.8 and\n3.11\n\n## Install Python on Windows\n\n### Chocolatey\n\n```powershell\nchoco install python\n```\n\n### Windows - Python.org\n\nTo install Python, go to https://www.python.org/downloads/windows/ and download the latest\nversion.\n\n## Install Python on Linux\n\n### Apt\n\n```bash\nsudo apt install python3.x\n```\n\n### Dnf\n\n```bash\nsudo dnf install python3.x\n```\n\n## Install Python on MacOS\n\n### Homebrew\n\n```bash\nbrew install python@3.x\n```\n\n### MacOS - Python.org\n\nTo install Python, go to https://www.python.org/downloads/macos/ and download the latest\nversion.\n\n## How to run\n\n### Windows\n\n- Module\n\t`py -3.x -m [module]` or `[module]` (if module installs a script)\n\n- File\n\t`py -3.x [file]` or `./[file]`\n\n### Linux/ MacOS\n\n- Module\n\t`python3.x -m [module]` or `[module]` (if module installs a script)\n\n- File\n\t`python3.x [file]` or `./[file]`\n\n## Building\n\nThis project uses https://github.com/FHPythonUtils/FHMake to automate most of the building. This\ncommand generates the documentation, updates the requirements.txt and builds the library artefacts\n\nNote the functionality provided by fhmake can be approximated by the following\n\n```sh\nhandsdown  --cleanup -o documentation/reference\npoetry export -f requirements.txt --output requirements.txt\npoetry export -f requirements.txt --with dev --output requirements_optional.txt\npoetry build\n```\n\n`fhmake audit` can be run to perform additional checks\n\n## Testing\n\nFor testing with the version of python used by poetry use\n\n```sh\npoetry run pytest\n```\n\nAlternatively use `tox` to run tests over python 3.8 - 3.11\n\n```sh\ntox\n```\n\n## Download Project\n\n### Clone\n\n#### Using The Command Line\n\n1. Press the Clone or download button in the top right\n2. Copy the URL (link)\n3. Open the command line and change directory to where you wish to\nclone to\n4. Type 'git clone' followed by URL in step 2\n\n\t```bash\n\tgit clone https://github.com/FHPythonUtils/SimpleSecurity\n\t```\n\nMore information can be found at\nhttps://help.github.com/en/articles/cloning-a-repository\n\n#### Using GitHub Desktop\n\n1. Press the Clone or download button in the top right\n2. Click open in desktop\n3. Choose the path for where you want and click Clone\n\nMore information can be found at\nhttps://help.github.com/en/desktop/contributing-to-projects/cloning-a-repository-from-github-to-github-desktop\n\n### Download Zip File\n\n1. Download this GitHub repository\n2. Extract the zip archive\n3. Copy/ move to the desired location\n\n## Community Files\n\n### Licence\n\nMIT License\nCopyright (c) FredHappyface\n(See the [LICENSE](/LICENSE.md) for more information.)\n\n### Changelog\n\nSee the [Changelog](/CHANGELOG.md) for more information.\n\n### Code of Conduct\n\nOnline communities include people from many backgrounds. The *Project*\ncontributors are committed to providing a friendly, safe and welcoming\nenvironment for all. Please see the\n[Code of Conduct](https://github.com/FHPythonUtils/.github/blob/master/CODE_OF_CONDUCT.md)\n for more information.\n\n### Contributing\n\nContributions are welcome, please see the\n[Contributing Guidelines](https://github.com/FHPythonUtils/.github/blob/master/CONTRIBUTING.md)\nfor more information.\n\n### Security\n\nThank you for improving the security of the project, please see the\n[Security Policy](https://github.com/FHPythonUtils/.github/blob/master/SECURITY.md)\nfor more information.\n\n### Support\n\nThank you for using this project, I hope it is of use to you. Please be aware that\nthose involved with the project often do so for fun along with other commitments\n(such as work, family, etc). Please see the\n[Support Policy](https://github.com/FHPythonUtils/.github/blob/master/SUPPORT.md)\nfor more information.\n\n### Rationale\n\nThe rationale acts as a guide to various processes regarding projects such as\nthe versioning scheme and the programming styles used. Please see the\n[Rationale](https://github.com/FHPythonUtils/.github/blob/master/RATIONALE.md)\nfor more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffhpythonutils%2Fsimplesecurity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffhpythonutils%2Fsimplesecurity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffhpythonutils%2Fsimplesecurity/lists"}