PyCharm Python Security plugin

Pycharm-security is a plugin for PyCharm, or JetBrains IDEs with the Python plugin.

The plugin looks at your Python code for common security vulnerabilities and suggests fixes.


Features

  • Over 20 builtin code checks giving you contextual security warnings in your code
  • Misconfiguration warnings for Django and Flask web frameworks
  • Cross-Site-Scripting detection for both Jinja2 and Mako templating engines
  • SQL Injection detection in all Python string formats
  • Automatic reporting of known vulnerabilities and CVEs in your installed Python Packages within PyCharm
  • Detection of security flaws and misconfiguration in 3rd party libraries like Jinja2, Paramiko and Mako
  • Can be used to scan large code bases with inspection profiles
  • Configurable alert levels and warning suppression by file, line, or project
  • Scan code in your CI/CD using Docker
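As an added illustration of the kind of static check behind the "SQL Injection detection in all Python string formats" feature (example code written for this page, not the plugin's own implementation; it assumes the query is passed as the first argument of a `.execute()` call and runs over a constructed sample), a small AST inspection that flags queries built with `%`-formatting, `str.format()`, f-strings or `+` concatenation, while leaving a parameterised query alone:

```python
import ast

# Constructed sample: four ways of building a query from untrusted input,
# plus one parameterised query that should not be flagged.
SAMPLE = '''
def lookup(cursor, user_id, name):
    cursor.execute("SELECT * FROM users WHERE id = %s" % user_id)       # %-format
    cursor.execute("SELECT * FROM users WHERE id = {}".format(user_id))  # str.format
    cursor.execute(f"SELECT * FROM users WHERE name = '{name}'")          # f-string
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")     # concatenation
    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))      # parameterised
'''

SQL_KEYWORDS = ("SELECT ", "INSERT ", "UPDATE ", "DELETE ")


def _looks_like_sql(node):
    """True if any string literal inside the expression starts with an SQL verb."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            if sub.value.lstrip().upper().startswith(SQL_KEYWORDS):
                return True
    return False


def _is_formatted(node):
    """Detect the string-building forms: f-string, %-format, + concat, str.format()."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


def find_sql_injection(source):
    """Return line numbers of execute() calls whose query is assembled by string formatting."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute" and node.args):
            query = node.args[0]
            if _is_formatted(query) and _looks_like_sql(query):
                findings.append(node.lineno)
    return findings


if __name__ == "__main__":
    for line in find_sql_injection(SAMPLE):
        print(f"line {line}: SQL query built with string formatting; pass parameters instead")
```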

Demo

Check out the webinar for a full demo.

Release History

See the Release History page for the changes in each release.

Contributing

If you would like to alter or add new checks and fixes, see the Development page.

If you have bugs or issues with the existing functionality, please report them in GitHub Issues.

License

This plugin is MIT Licensed.

Credits

Credit to the PyUp.io team for SafetyDB. This plugin uses SafetyDB whilst scanning packages.

SafetyDB is licensed under Creative Commons Attribution-NonCommercial 4.0 International