Automated, Zero-Config Security for Your Python Projects
This production-ready GitHub Actions recipe is your secret weapon for a security-first codebase. It automatically scans your project's dependencies for vulnerabilities, creates intelligent GitHub issues, and keeps your team in the loop, all with a one-command setup.
Security shouldn't be an afterthought. Manual security audits are slow, error-prone, and often forgotten. This recipe solves that by making automated security as simple as copying a file.
- Instant Security: Set up in less than a minute. Just copy, paste, and commit.
- Intelligent Automation: Automatically creates, updates, and closes security issues.
- Real-Time Alerts: Get notified the moment a vulnerability is found.
- Team Collaboration: Shared visibility and a clear action plan for every security risk.
Getting started is as easy as running a single command in your project's root directory.
```bash
# One command to add security automation to your project
curl -sSL https://raw.githubusercontent.com/trivedi-vatsal/pysec-recipes/main/setup.py | python3
```

This command automatically creates a new workflow file at `.github/workflows/security-audit.yml` and the essential issue templates, instantly securing your project.
Full Installation Guide - Detailed steps and troubleshooting.
- Zero Configuration: Works right out of the box with sensible defaults.
- Zero Maintenance: Runs automatically on a schedule, with no manual upkeep required.
- Comprehensive: Scans `requirements.txt` and the full dependency tree.
- Smart Issue Management: When a vulnerability is found, the recipe creates a detailed GitHub issue with fix instructions. It also closes issues when a vulnerability is resolved.
- Rich Reporting: Every scan generates detailed JSON, Markdown, and text reports for easy review.
- Scheduled & On-Demand: Scans run automatically every week and can be triggered manually.
- Artifact Storage: Stores audit reports for 90 days for full audit trail and compliance.
- Multiple Databases: Leverages PyPI Advisory, OSV, and Python Packaging Advisory for robust coverage.
- Fix Guidance: Each issue includes direct `pip-audit` fix commands.
- CI/CD Integration: Can be configured to fail builds on critical vulnerabilities, ensuring no risky code gets deployed.
Running the quick start command creates the following structure in your repository:
```text
your-repo/
├── .github/
│   ├── workflows/
│   │   └── security-audit.yml                 # The main security workflow
│   └── ISSUE_TEMPLATE/
│       ├── security-vulnerability-report.md   # Template for vulnerability issues
│       └── clean-security-audit-report.md     # Template for clean reports
├── requirements.txt                           # Your project's dependencies
└── [your project files]
```

The `security-audit.yml` workflow is designed to run automatically on a weekly schedule, on every push to the main branch, or when triggered manually. It does the following:
- Sets up a Python environment and installs `pip-audit`.
- Scans your `requirements.txt` file for known vulnerabilities.
- Generates easy-to-read reports.
- Creates, updates, or closes a GitHub issue based on the scan results.
- Uploads the detailed reports as artifacts for long-term storage.
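The report-to-issue and build-gating steps above, shown as an added worked example that is not code from the pysec-recipes project: a Python script that reads the JSON report produced by `pip-audit -r requirements.txt -f json`, renders the Markdown body for a vulnerability issue with a fix command per finding, and returns the exit status a CI job would use to fail the build. The sample report is constructed, with placeholder package names and advisory ids; the field names (`dependencies`, `vulns`, `id`, `fix_versions`, `aliases`, `description`) follow pip-audit's JSON output as I know it and should be checked against the pip-audit version you run. As far as I know that report carries no severity field, so a "fail on critical" policy needs a separate advisory lookup; the gate here fails on any finding, or optionally only on findings that have no fixed release yet.

```python
"""Render a pip-audit JSON report as a GitHub issue body and decide the CI exit code.

Added example for the pysec-recipes README; not part of the project itself.
"""
import json
import sys
from dataclasses import dataclass

# Constructed sample of what `pip-audit -r requirements.txt -f json` prints.
# Package names, versions and advisory ids are placeholders for this example.
SAMPLE_AUDIT_JSON = json.dumps({
    "dependencies": [
        {"name": "examplelib", "version": "1.0.0", "vulns": [
            {"id": "PYSEC-EXAMPLE-0001", "fix_versions": ["1.0.1"],
             "aliases": ["CVE-EXAMPLE-0001"],
             "description": "Placeholder advisory used for this example."}]},
        {"name": "anotherlib", "version": "2.3.0", "vulns": [
            {"id": "PYSEC-EXAMPLE-0002", "fix_versions": [],
             "aliases": [],
             "description": "Placeholder advisory with no fixed release yet."}]},
        {"name": "cleanlib", "version": "0.9.0", "vulns": []},
    ],
    "fixes": [],
})


@dataclass
class Finding:
    package: str
    installed: str
    advisory: str
    aliases: list
    fix_versions: list
    description: str

    @property
    def fix_command(self) -> str:
        """Upgrade to the lowest fixed release, or say plainly that none exists."""
        if not self.fix_versions:
            return "(no fixed release published yet; consider removing or replacing the package)"
        return f'pip install --upgrade "{self.package}>={self.fix_versions[0]}"'


def parse_pip_audit(report_json: str) -> list:
    """Flatten pip-audit's per-dependency list into one Finding per advisory."""
    report = json.loads(report_json)
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            findings.append(Finding(
                package=dep["name"], installed=dep["version"],
                advisory=vuln["id"], aliases=vuln.get("aliases", []),
                fix_versions=vuln.get("fix_versions", []),
                description=vuln.get("description", "")))
    return findings


def render_issue_body(findings: list) -> str:
    """Markdown body for the vulnerability-report issue (or the clean-report issue)."""
    if not findings:
        return "## Security audit: clean\n\nNo known vulnerabilities found.\n"
    lines = [f"## Security audit: {len(findings)} vulnerable dependency(ies)", ""]
    lines.append("| Package | Installed | Advisory | Fix |")
    lines.append("|---|---|---|---|")
    for f in findings:
        ids = ", ".join([f.advisory] + f.aliases)
        lines.append(f"| {f.package} | {f.installed} | {ids} | `{f.fix_command}` |")
    lines += ["", "### Remediation", ""]
    for f in findings:
        lines.append(f"- {f.package}: {f.fix_command}")
    return "\n".join(lines) + "\n"


def exit_code_for(findings: list, fail_on_unfixable_only: bool = False) -> int:
    """CI gate: a non-zero code fails the build.

    With fail_on_unfixable_only the build fails only when a finding has no
    fixed release, which lets a team phase gating in gradually.
    """
    if not findings:
        return 0
    if fail_on_unfixable_only:
        return 1 if any(not f.fix_versions for f in findings) else 0
    return 1


if __name__ == "__main__":
    # Usage: python render_audit.py audit.json   (falls back to the sample)
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUDIT_JSON
    found = parse_pip_audit(raw)
    print(render_issue_body(found))
    sys.exit(exit_code_for(found))
```

In a workflow the printed body would be written to a file and handed to the issue-creation step; the exit code is what a "fail the build on findings" job would check. Findings without a fix version are deliberately called out rather than given a blind upgrade command, since an issue that tells the team to upgrade to a release that does not exist wastes the triage it was meant to save.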
This recipe is versatile and can be customized for many project types.
| Example | Description | Use Case |
|---|---|---|
| Basic Example | A single-file security audit. | Small projects, quick setup. |
| Multi-Environment | Scans separate dev, test, and prod requirements files. | Complex projects with different dependencies. |
| Django Project | Specifically tailored for Django applications. | Securing web applications. |
| Monorepo | Audits multiple projects within a single repository. | Enterprise setups. |

View All Examples - Explore configurations for different project types.
Have questions or need help? The documentation is here for you.
- Full Documentation - Comprehensive guides and explanations.
- FAQs & Troubleshooting - Find answers to common issues.
- Report an Issue - Report bugs or request features.
This recipe is an open effort. Your contributions are welcome! If you have ideas for new features, better reporting, or bug fixes
Star this repository to show your support and help others discover it. Let's make Python security simple and accessible for everyone.