Installation

Installation from GitHub

If you want to install a specific version, go to the releases page and download the pycharm-security-xxx.zip file. Inside PyCharm,

_images/install-from-disk.png

Installation from source

You can build from source with IntelliJ IDEA. Open this repository and run the :buildPlugin task. Inside build/distributions/ will be a copy of pycharm-security-xxx.zip. Use the Installation from Disk instructions to complete the install

Installation from Docker

This plugin can also be used from docker as a command-line utility:

$ docker pull anthonypjshaw/pycharm-security

To execute, mount your code to scan as the mount path. Warnings will be printed to the screen:

$ docker run -v /path/to/yourcode:/code anthonypjshaw/pycharm-security

PW100: Comparing secrets and passwords insecurely (Python Security)

  ./test_shell.py:19     [WARNING] PW100: Matching inputs, secrets or tokens using the == operator is vulnerable to timing attacks. Use compare_digest() instead.

PW101: Hardcoded passwords and secrets (Python Security)

  ./test_shell.py:22     [WARNING] PW101: Passwords, secrets or keys should not be hardcoded into Python code.