# Codeaudit

[PyPI package](https://pypi.org/project/codeaudit) · [OpenSSF Best Practices](https://www.bestpractices.dev/projects/10970)
Python Codeaudit - A modern Python source code analyzer based on distrust.
Codeaudit is a tool to find security issues in Python code. This static application security testing (SAST) tool has **great** features to simplify the necessary security tasks and make it fun and easy.
This tool is created for:
* Anyone who wants or must check Python programs for security risks.
* Anyone who loves to create functionality using Python: not only professional programmers, but also occasional Python programmers and programmers who are used to working with other languages.
* Anyone who wants an easy way to get insight into the possible security risks of Python programs.
> [!WARNING]
> Python Codeaudit is currently in *beta status*. Consider [contributing](CONTRIBUTING.md) to make Codeaudit the coolest open source Python SAST tool. Codeaudit is currently in a thorough testing phase. Use Python Codeaudit now and contribute to make it better!
## Features
Python Codeaudit has the following features:
* **Vulnerability Detection**: Identifies security vulnerabilities in Python files, essential for package security research.
* **Complexity & Statistics**: Reports security-relevant complexity using a fast, lightweight [cyclomatic complexity](https://en.wikipedia.org/wiki/Cyclomatic_complexity) count via Python's AST.
* **Module Usage & External Vulnerabilities**: Detects used modules and reports vulnerabilities in external ones.
* **Inline Issue Reporting**: Shows potential security issues with line numbers and code snippets.
* **HTML Reports**: All output is saved in simple, static HTML reports viewable in any browser.
> [!IMPORTANT]
> Python Codeaudit uses Python's Abstract Syntax Tree (AST) to get robust and reliable results. Working on the AST rather than on raw text makes contextual vulnerability detection possible and minimizes false positives.
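To make the two AST-based features above concrete, here is an added example (written for this page, not code from the Codeaudit project) of a minimal analyzer built on the standard-library `ast` module. It computes a simplified cyclomatic-complexity count per function and flags two constructs a SAST tool typically reports: calls to `eval()`/`exec()` and `subprocess` calls with `shell=True`. The names `scan_source`, `complexity_report`, `Finding` and the `SAMPLE` input are assumptions made for the example; the set of decision nodes counted for complexity is a simplification, not Codeaudit's own rule set. The point it demonstrates is the one the note makes: the same names inside a comment or string literal are not reported, because the scanner looks at `Call` nodes, not at text.

```python
"""Added example, not part of Codeaudit: a tiny AST-based SAST check."""
from __future__ import annotations

import ast
from dataclasses import dataclass


@dataclass
class Finding:
    """One potential issue: source line, construct name and the code on that line."""
    line: int
    construct: str
    snippet: str


def cyclomatic_complexity(func: ast.AST) -> int:
    """Simplified cyclomatic count: 1 plus the decision points inside `func`.
    (Assumption: nested functions are counted as part of the enclosing one.)"""
    count = 1
    for node in ast.walk(func):
        if isinstance(node, (ast.If, ast.For, ast.While, ast.ExceptHandler,
                             ast.IfExp, ast.Assert)):
            count += 1
        elif isinstance(node, ast.BoolOp):          # `a and b and c` -> 2 extra paths
            count += len(node.values) - 1
        elif isinstance(node, ast.comprehension):   # the loop plus each `if` clause
            count += 1 + len(node.ifs)
    return count


def complexity_report(source: str) -> dict[str, int]:
    """Map every function name in `source` to its simplified complexity."""
    tree = ast.parse(source)
    return {n.name: cyclomatic_complexity(n) for n in ast.walk(tree)
            if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))}


def _call_name(call: ast.Call) -> str:
    """Dotted name of the callee, e.g. 'subprocess.run'; '' if it is not a plain name."""
    parts: list[str] = []
    node = call.func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _has_shell_true(call: ast.Call) -> bool:
    """True when the call passes the literal keyword argument shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)


def scan_source(source: str) -> list[Finding]:
    """Walk the AST and report risky calls, sorted by line number.
    Comments and string literals never produce a Call node, so they are not flagged."""
    tree = ast.parse(source)
    lines = source.splitlines()
    findings: list[Finding] = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        snippet = lines[node.lineno - 1].strip()
        if name in ("eval", "exec"):
            findings.append(Finding(node.lineno, f"{name}()", snippet))
        elif name.startswith("subprocess.") and _has_shell_true(node):
            findings.append(Finding(node.lineno, f"{name}(shell=True)", snippet))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample input for the example (not a real project file).
SAMPLE = """\
import subprocess

# eval() is mentioned here only in a comment
def run(cmd, expr):
    if cmd and expr:
        return subprocess.run(cmd, shell=True)
    for c in cmd:
        print("do not eval this string")
    return eval(expr)
"""

if __name__ == "__main__":
    for name, cc in complexity_report(SAMPLE).items():
        print(f"function {name}: complexity {cc}")
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.construct}  ->  {f.snippet}")
```

Running it on the constructed sample reports one function (`run`, complexity 4) and two findings, on lines 6 and 9; the `eval()` in the comment and the `eval` inside the printed string are ignored, which is exactly what a text-matching approach would get wrong.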
## Installation
```console
pip install codeaudit
```
If you have installed Codeaudit before and want to make sure you use the latest checks and features, upgrade with:
```bash
pip install -U codeaudit
```
## Usage
After installation you can get an overview of all implemented commands. Just type in your terminal:
```text
codeaudit
```
This will show all commands:
```text
--------------------------------------------------
_____ _ _ _ _
/ ____| | | | (_) |
| | ___ __| | ___ __ _ _ _ __| |_| |_
| | / _ \ / _` |/ _ \/ _` | | | |/ _` | | __|
| |___| (_) | (_| | __/ (_| | |_| | (_| | | |_
\_____\___/ \__,_|\___|\__,_|\__,_|\__,_|_|\__|
--------------------------------------------------
Codeaudit - Modern Python source code analyzer based on distrust.
Commands to evaluate Python source code:
Usage: codeaudit COMMAND [PATH or FILE] [OUTPUTFILE]
Depending on the command, a directory or file name must be specified. The output is a static HTML file to be examined in a browser. Specifying a name for the output file is optional.
Commands:
  overview       Reports Complexity and statistics per Python file from a directory.
  modulescan     Reports module information per file.
  filescan       Reports potential security issues for a single Python file.
  directoryscan  Reports potential security issues for all Python files found in a directory.
  checks         Generate an HTML report of all implemented codeaudit security checks.
  version        Prints the module version. Use [-v] [--v] [-version] or [--version].
Use the [Codeaudit documentation](https://nocomplexity.com/documents/codeaudit/intro.html) to check the security of Python programs and make your Python programs more secure!
Check https://simplifysecurity.nocomplexity.com/
```
## Example
By running the `codeaudit filescan` command, detailed security information is determined for a Python file, based on the more than **60 validations** implemented.
The `codeaudit filescan` command shows all **potential** security issues detected in the source file in an HTML report.
For each finding, the construct that can cause a security risk is shown, along with the line number and the relevant code lines where the issue is detected.
To scan a Python file on possible security issues, do:
```bash
codeaudit filescan ../codeaudit/tests/validationfiles/allshit.py
=====================================================================
Codeaudit report file created!
Paste the line below directly into your browser bar:
file:///home/usainbolt/tmp/codeaudit-report.html
=====================================================================
```

## Contributing
All contributions are welcome! Think of corrections to the documentation or code, or more and better tests.
Simple guidelines:
* For questions, feature requests and bug reports, please use the GitHub issue tracker.
**Pull Requests are welcome!**
When you contribute to Codeaudit, your contributions are made under the same license as the file you are working on.
> [!NOTE]
> This is an open community driven project. Contributors will be mentioned in the [documentation](https://nocomplexity.com/documents/codeaudit/intro.html).
We adopt the [Collective Code Construction Contract (C4)](https://rfc.zeromq.org/spec/42/) to streamline collaboration.
## License
`codeaudit` is distributed under the terms of the [GPL-3.0-or-later](https://spdx.org/licenses/GPL-3.0-or-later.html) license.
Raw data
{
"_id": null,
"home_page": null,
"name": "codeaudit",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "Complexity Checker, Python SAST, SAST, SAST API",
"author": null,
"author_email": "Maikel Mardjan <mike@bm-support.org>",
"download_url": "https://files.pythonhosted.org/packages/b1/66/3872d6b9273e58cbc0c27b06271af71562e13f8e39211a07f2032dcd8a57/codeaudit-0.9.2.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": null,
"summary": "Simplified static security checks for Python ",
"version": "0.9.2",
"project_urls": {
"Documentation": "https://github.com/nocomplexity/codeaudit#readme",
"Issues": "https://github.com/nocomplexity/codeaudit/issues",
"Source": "https://github.com/nocomplexity/codeaudit"
},
"split_keywords": [
"complexity checker",
" python sast",
" sast",
" sast api"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "fbabb38b2458c47170e6c7de5b8e40d6afa034041ff751afd9ab6269b4da9522",
"md5": "63ba6dda6dfdbedae96bedaac3d1fb2a",
"sha256": "80f5397111452039e9d0cbe2afa72c5dda43776dfaa949da8c5693801bf429e3"
},
"downloads": -1,
"filename": "codeaudit-0.9.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "63ba6dda6dfdbedae96bedaac3d1fb2a",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 41520,
"upload_time": "2025-08-04T20:26:32",
"upload_time_iso_8601": "2025-08-04T20:26:32.481086Z",
"url": "https://files.pythonhosted.org/packages/fb/ab/b38b2458c47170e6c7de5b8e40d6afa034041ff751afd9ab6269b4da9522/codeaudit-0.9.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "b1663872d6b9273e58cbc0c27b06271af71562e13f8e39211a07f2032dcd8a57",
"md5": "9829f3e260785820898a6e72b074cf24",
"sha256": "ea5691eccfeb53d367e21f8eeb6ba76882958e1119e4ba583fa62696942184f8"
},
"downloads": -1,
"filename": "codeaudit-0.9.2.tar.gz",
"has_sig": false,
"md5_digest": "9829f3e260785820898a6e72b074cf24",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 908141,
"upload_time": "2025-08-04T20:26:30",
"upload_time_iso_8601": "2025-08-04T20:26:30.313799Z",
"url": "https://files.pythonhosted.org/packages/b1/66/3872d6b9273e58cbc0c27b06271af71562e13f8e39211a07f2032dcd8a57/codeaudit-0.9.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-04 20:26:30",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "nocomplexity",
"github_project": "codeaudit#readme",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "codeaudit"
}