GitHub Action
PyCharm Python Security Scanner
A plugin to run security checks for common flaws in Python code and suggest quick fixes.
- Available as a PyCharm plugin on the Jetbrains plugin marketplace
- Available as a GitHub Action for your CI/CD workflow on the GitHub Marketplace.
- Available as a standalone container image on the Docker Hub
Check out the webinar for a full demo of the functionality in this plugin:
Documentation is available on pycharm-security.readthedocs.io, including examples and explanations for all the checks.
Documentation for the GitHub action is on the documentation site.
Plugin has support for snyk.io as the vulnerability database. Snyk offers an up to date and in-depth database of Python package issues. Your installed packages will be checked against a live database of PyPi issues (subscription required.)
This plugin will check the installed packages in your Python projects against the SafetyDB and raise a warning for any vulnerabilities.
This plugin will check the installed packages in your Python projects against the OSV database in PyPi and raise a warning for any vulnerabilities.
See Supported Checks for a current list.
See Fixes for a current list.
See Release History for the release history.
If you would like to alter or add new checks and fixes, see the Development page.
This project is MIT Licensed.
Credit to the PyUp.io team for the SafetyDB. This project uses SafetyDB to scan packages, SafetyDB is licensed under "Attribution-NonCommercial 4.0 International" license.