Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tonybaloney/pycharm-security
Finds security holes in your Python projects from PyCharm and GitHub
https://github.com/tonybaloney/pycharm-security
devsecops hacktoberfest-accepted security security-automation static-analysis vulnerability
Last synced: about 19 hours ago
JSON representation
Finds security holes in your Python projects from PyCharm and GitHub
- Host: GitHub
- URL: https://github.com/tonybaloney/pycharm-security
- Owner: tonybaloney
- License: mit
- Created: 2020-01-05T22:35:55.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2024-07-10T07:25:30.000Z (4 months ago)
- Last Synced: 2024-10-30T05:57:40.166Z (15 days ago)
- Topics: devsecops, hacktoberfest-accepted, security, security-automation, static-analysis, vulnerability
- Language: Kotlin
- Homepage: https://pycharm-security.readthedocs.io/en/latest/?badge=latest
- Size: 9.76 MB
- Stars: 335
- Watchers: 10
- Forks: 21
- Open Issues: 36
-
Metadata Files:
- Readme: README.md
- Changelog: HISTORY.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
# PyCharm Python Security plugin
[](https://github.com/tonybaloney/pycharm-security/actions)
[](https://plugins.jetbrains.com/plugin/13609-python-security)
[](https://plugins.jetbrains.com/plugin/13609-python-security)
[](https://codecov.io/gh/tonybaloney/pycharm-security)
[](https://pycharm-security.readthedocs.io/en/latest/?badge=latest)
[](https://hub.docker.com/r/anthonypjshaw/pycharm-security)
A plugin to run security checks for common flaws in Python code and suggest quick fixes.
* Available as a PyCharm plugin on the [Jetbrains plugin marketplace](https://plugins.jetbrains.com/plugin/13609-python-security)
* Available as a GitHub Action for your CI/CD workflow [on the GitHub Marketplace](https://github.com/marketplace/actions/pycharm-python-security-scanner).
* Available as a standalone container image [on the Docker Hub](https://hub.docker.com/r/anthonypjshaw/pycharm-security)
## Demo
Check out the webinar for a full demo of the functionality in this plugin:
[](https://www.youtube.com/watch?v=zVIfH89oWno)
## Documentation
Documentation is available on [pycharm-security.readthedocs.io](https://pycharm-security.readthedocs.io/en/latest/?badge=latest), including examples and explanations for all the checks.
## GitHub Action Documentation
Documentation for the GitHub action is [on the documentation site](https://pycharm-security.readthedocs.io/en/latest/github.html).
## Snyk Support
Plugin has support for [snyk.io](https://snyk.io) as the vulnerability database. Snyk offers an up to date and in-depth database of Python package issues.
Your installed packages will be checked against a live database of PyPi issues (subscription required.)
## Bundled SafetyDB
This plugin will check the installed packages in your Python projects against the SafetyDB and raise a warning for any vulnerabilities.
## PyPi vulnerability API
This plugin will check the installed packages in your Python projects against the OSV database in PyPi and raise a warning for any vulnerabilities.
## Current checks
See [Supported Checks](https://pycharm-security.readthedocs.io/en/latest/checks/index.html) for a current list.
## Current quick fixes
See [Fixes](https://pycharm-security.readthedocs.io/en/latest/fixes/index.html) for a current list.
## Release History
See [Release History](HISTORY.md) for the release history.
## Contributing
If you would like to alter or add new checks and fixes, see the [Development](https://pycharm-security.readthedocs.io/en/latest/development.html) page.
## License
This project is [MIT Licensed](LICENSE).
## Credits
Credit to the [PyUp.io](https://pyup.io/) team for the SafetyDB. This project uses [SafetyDB](https://github.com/pyupio/safety-db) to scan packages, SafetyDB is licensed under ["Attribution-NonCommercial 4.0 International" license](src/main/java/resources/safety-db/LICENSE.txt).