PySecScan is the tool that allows you to perform security scans in your Python project through a YAML configuration.
- Install the package:

  ```bash
  pip install py-secscan
  # Or using uv
  uv add --dev py-secscan
  ```

- In your project root folder, define the `.py-secscan.conf.yml` configuration:

  ```yaml
  packages:
    - name: "ruff"
      args: ["check", "--fix"]
  ```

- Run the command in your project root folder:

  ```bash
  py_secscan
  ```
- Configuration: the `.py-secscan.conf.yml` configuration defines the packages (and the options to pass to them) that will scan the source of your project.
- Virtual environment: on the first execution of the command, a virtual environment will be created (if one already exists, it will be reused) and you will be asked to `source` the virtual environment if you haven't already. Once created and sourced, the command will create a `.py-secscan` folder (and add it to the `.gitignore` file) where the requirements file requested by the `.py-secscan.conf.yml` file will be saved and subsequently installed.
- Execution: by running the `py_secscan` command in the root of your project, it will retrieve the defined configuration and, for each configured package, execute a dedicated subprocess.
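The load, exec and status steps above, as an added illustrative example that is not PySecScan's own code. It assumes the configuration has already been parsed into a dict (the `packages` / `name` / `args` shape shown earlier), validates that shape before anything runs, starts one shell-free subprocess per package, and folds the per-package exit codes into one overall status. The `demo_config()` entries are constructed: the Python interpreter stands in for real scanners so the example runs offline, with one passing entry, one failing entry and one executable that cannot be found.

```python
from __future__ import annotations

import subprocess
import sys
from dataclasses import dataclass
from typing import Any, Optional


@dataclass
class PackageResult:
    name: str
    returncode: Optional[int]  # None when the executable could not be started
    stdout: str
    stderr: str


def validate_config(config: dict[str, Any]) -> list[tuple[str, list[str]]]:
    """Check the parsed config before anything is executed.

    Only a string `name` and a list of string `args` are accepted, so a
    malformed entry fails here instead of being handed to a subprocess.
    """
    packages = config.get("packages")
    if not isinstance(packages, list) or not packages:
        raise ValueError("config must define a non-empty 'packages' list")
    checked: list[tuple[str, list[str]]] = []
    for entry in packages:
        name = entry.get("name") if isinstance(entry, dict) else None
        args = entry.get("args", []) if isinstance(entry, dict) else None
        if not isinstance(name, str) or not name:
            raise ValueError(f"package entry without a valid name: {entry!r}")
        if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
            raise ValueError(f"args for {name!r} must be a list of strings")
        checked.append((name, args))
    return checked


def run_package(name: str, args: list[str]) -> PackageResult:
    """Run one configured package in a dedicated subprocess (argv list, no shell)."""
    try:
        proc = subprocess.run([name, *args], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        # A scanner missing from the environment is reported, not raised,
        # so the remaining packages still run and the failure is visible.
        return PackageResult(name, None, "", f"{name}: executable not found")
    return PackageResult(name, proc.returncode, proc.stdout, proc.stderr)


def run_packages(config: dict[str, Any]) -> list[PackageResult]:
    """Validate the config, then execute every configured package in order."""
    return [run_package(name, args) for name, args in validate_config(config)]


def overall_status(results: list[PackageResult]) -> int:
    """Exit code for the whole run: 0 only when every package exited 0."""
    return 0 if all(r.returncode == 0 for r in results) else 1


def demo_config() -> dict[str, Any]:
    """Constructed config equivalent to a three-entry .py-secscan.conf.yml.

    sys.executable stands in for scanners such as ruff so the example runs
    offline: one entry passes, one fails, one names a missing executable.
    """
    return {
        "packages": [
            {"name": sys.executable, "args": ["-c", "print('scan ok')"]},
            {"name": sys.executable, "args": ["-c", "import sys; sys.exit(1)"]},
            {"name": "no-such-scanner-xyz", "args": ["--version"]},
        ]
    }


if __name__ == "__main__":
    results = run_packages(demo_config())
    for r in results:
        state = "not started" if r.returncode is None else f"exit {r.returncode}"
        print(f"{r.name}: {state}")
    sys.exit(overall_status(results))
```

The argv-list call with no shell means the `args` values from the YAML are passed to the scanner verbatim and are never re-parsed by a shell, and the type check in `validate_config()` rejects a config whose `args` is a single string rather than a list, which is the most common way such a file is miswritten.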
```mermaid
flowchart TD
    A(["Your Python Project"]) -- define ---> C[".py-secscan.conf.yml"]
    PySecScan(["$ py_secscan"]) -. load ..-> C
    PySecScan -- setup --> Env
    PySecScan == exec ===> Subprocess
    Subprocess == output ===> Status
    Subprocess -. use ..-> Env["Virtual Environment"]
    Status == return ===> PySecScan
```
```bash
git clone https://github.com/FabrizioCafolla/py-secscan
cd py-secscan
```
Requirements:

| pkg | version | install |
|---|---|---|
| devbox | >=0.12.0 | docs |

Steps:

- Run `devbox shell`
- Run `devbox run setup`
Requirements:

| pkg | version | install |
|---|---|---|
| python | >=3.12.0 | downloads |
| uv | >=0.4.3 | docs |

Steps:

- Run `uv venv --python 3.12`
- Run `uv sync`
- Run `uv run pre-commit install`
- Run `uv run pre-commit run --all-files`