Combine multiple popular python security tools and generate reports or output into different formats
Combine multiple popular python security tools and generate reports or output into different formats
Plugins (these require the plugin executable in the system path. e.g. bandit requires bandit to be in the system path...)
Formats
See below for the output if you run simplesecurity in this directory
$ simplesecurity --help
usage: simplesecurity [-h] [--scan-dir SCAN_DIR] [--format FORMAT] [--plugin PLUGIN] [--file FILE] [--level LEVEL]
[--confidence CONFIDENCE] [--no-colour] [--high-contrast] [--fast] [--zero]
Combine multiple popular python security tools and generate reports or output
into different formats...
options:
-h, --help show this help message and exit
--scan-dir SCAN_DIR, -s SCAN_DIR
Pass a path to the scan directory (optional)
--format FORMAT, -f FORMAT
Output format. One of ansi, json, markdown, csv. default=ansi
--plugin PLUGIN, -p PLUGIN
Plugin to use. One of bandit, safety, dodgy, dlint, semgrep, all, default=all
--file FILE, -o FILE Filename to write to (omit for stdout)
--level LEVEL, -l LEVEL
Minimum severity/ level to show
--confidence CONFIDENCE, -c CONFIDENCE
Minimum confidence to show
--no-colour, -z No ANSI colours
--high-contrast, -Z High contrast colours
--fast, --skip Skip long running jobs. Will omit plugins with long run time (applies to -p all only)
--zero, -0 Return non zero exit code if any security vulnerabilities are found
You can also import this into your own project and use any of the functions in the DOCS
cd to semgrep-rules/python
do
cat **/security/**/*.yaml >> semgrep_sec.yaml
cat **/security/*.yaml >> semgrep_sec.yaml
Find and replace rules: with `` apart from the first instance
Reformat with ctrl+shift+i
replace simplesecurity/semgrep_sec.yaml with the new one
A high-level overview of how the documentation is organized organized will help you know where to look for certain things:
"Slim" Build: Install bandit, dlint, dodgy, poetry, and safety with pipx
pip install simplesecurity
Otherwise:
pip install simplesecurity[full]
Head to https://pypi.org/project/SimpleSecurity/ for more info
This program has been written for Python versions 3.8 - 3.11 and has been tested with both 3.8 and 3.11
choco install python
To install Python, go to https://www.python.org/downloads/windows/ and download the latest version.
sudo apt install python3.x
sudo dnf install python3.x
brew install python@3.x
To install Python, go to https://www.python.org/downloads/macos/ and download the latest version.
Module
py -3.x -m [module] or [module] (if module installs a script)
File
py -3.x [file] or ./[file]
Module
python3.x -m [module] or [module] (if module installs a script)
File
python3.x [file] or ./[file]
This project uses https://github.com/FHPythonUtils/FHMake to automate most of the building. This command generates the documentation, updates the requirements.txt and builds the library artefacts
Note the functionality provided by fhmake can be approximated by the following
handsdown --cleanup -o documentation/reference
poetry export -f requirements.txt --output requirements.txt
poetry export -f requirements.txt --with dev --output requirements_optional.txt
poetry build
fhmake audit can be run to perform additional checks
For testing with the version of python used by poetry use
poetry run pytest
Alternatively use tox to run tests over python 3.8 - 3.11
tox
Press the Clone or download button in the top right
Copy the URL (link)
Open the command line and change directory to where you wish to clone to
Type 'git clone' followed by URL in step 2
git clone https://github.com/FHPythonUtils/SimpleSecurity
More information can be found at https://help.github.com/en/articles/cloning-a-repository
More information can be found at https://help.github.com/en/desktop/contributing-to-projects/cloning-a-repository-from-github-to-github-desktop
MIT License Copyright (c) FredHappyface (See the LICENSE for more information.)
See the Changelog for more information.
Online communities include people from many backgrounds. The Project contributors are committed to providing a friendly, safe and welcoming environment for all. Please see the Code of Conduct for more information.
Contributions are welcome, please see the Contributing Guidelines for more information.
Thank you for improving the security of the project, please see the Security Policy for more information.
Thank you for using this project, I hope it is of use to you. Please be aware that those involved with the project often do so for fun along with other commitments (such as work, family, etc). Please see the Support Policy for more information.
The rationale acts as a guide to various processes regarding projects such as the versioning scheme and the programming styles used. Please see the Rationale for more information.
FAQs
Combine multiple popular python security tools and generate reports or output into different formats
We found that simplesecurity demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.