Simplifying Python Security: A Local-First Approach with WASM

Python code plays a central role in modern computing, yet Python applications are not immune to cybersecurity threats. Consequently, security has become a critical concern for both users and developers alike.

I advocate for simplifying cybersecurity. However, thinking, writing and talking are not enough. I prefer to get my hands dirty and experiment with many different approaches to figure out how, in practice, simplifying cybersecurity can be accomplished.

This led me to develop a FOSS SAST (Static Application Security Testing) tool for Python code and applications. To my surprise, the availability of high-quality, open-source SAST tools for Python is very limited. The open-source tools that do exist are often far from simple to use, especially if you just want to run a quick scan on a package when you have only ten seconds to decide whether to use it.

I believe that performing a SAST scan on a Python package should take no more than a few seconds. It should provide immediate, valuable insights before you decide to use a module or incorporate it into your own project.

After building a straightforward local CLI for Python Code Audit, I have made it possible for anyone to run a SAST scan with one single command:

codeaudit filescan <package-name|directory|file> [reportname.html]

But I wanted to make it even simpler. What if you could use this powerful SAST scanner directly from any browser, without installing software first?

I advocate for better and simpler security. This means:

  • Privacy First: Local analysis where no data ever leaves your machine.
  • Avoiding AI agents for cybersecurity: SaaS-only solutions, where you have no control over the execution environment or the handling of your source code, should be avoided. Besides, most AI tools for Python security testing are far from good enough. Valuable source code should never be transferred to a SaaS solution that is out of your control; good security means no “security by obscurity”.

So, how do you create a local-first, 100% web-based SAST scanner for Python that everyone can use without installing anything? A solid way to do this without abandoning FOSS principles is to use WebAssembly (WASM). 

WASM is revolutionising how local-first Python applications can be distributed, requiring nothing more than a browser. Running code in this way leverages the robust security measures developed over the last 25 years to protect web users; the code executes within your browser’s highly isolated sandbox environment. 
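As an added illustration (not Python Code Audit's own code or rule set), here is the shape of a local-first check a Python SAST scan performs: it parses the source with the standard-library `ast` module and reports a few risky call patterns. Because it depends only on the standard library, the same code runs unchanged under a Python-in-WASM runtime in the browser, which is exactly what keeps the analysed source on the user's machine; the sample module below is constructed, not a real package.

```python
import ast

# Constructed sample input: a small module containing calls a scan should flag.
SAMPLE_SOURCE = '''
import subprocess
import pickle

def run(cmd, blob):
    eval(cmd)
    subprocess.run(cmd, shell=True)
    return pickle.loads(blob)
'''

# Illustrative rule set (hypothetical, not the tool's own): plain builtins and
# module.attribute calls that deserve a reviewer's attention before adopting a package.
DANGEROUS_BUILTINS = {"eval", "exec"}
DANGEROUS_ATTRS = {("pickle", "loads"), ("pickle", "load")}


class RiskyCallVisitor(ast.NodeVisitor):
    """Walks the AST and records (line number, message) for each risky call."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Name) and func.id in DANGEROUS_BUILTINS:
            self.findings.append((node.lineno, f"call to {func.id}()"))
        elif isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            qual = (func.value.id, func.attr)
            if qual in DANGEROUS_ATTRS:
                self.findings.append((node.lineno, f"call to {qual[0]}.{qual[1]}()"))
            # subprocess.* with a literal shell=True routes the command through a shell.
            if qual[0] == "subprocess" and any(
                kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
                for kw in node.keywords
            ):
                self.findings.append((node.lineno, "subprocess call with shell=True"))
        self.generic_visit(node)  # keep descending into nested calls/arguments


def scan_source(source, filename="<input>"):
    """Return sorted findings; unparsable input yields a single syntax-error finding."""
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:
        return [(exc.lineno or 0, f"syntax error: {exc.msg}")]
    visitor = RiskyCallVisitor()
    visitor.visit(tree)
    return sorted(visitor.findings)


if __name__ == "__main__":
    for line, message in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: {message}")
```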

Don’t take Python security for modules on PyPI.org for granted. Use this free web-based tool to check your Python modules for weaknesses before you integrate them.

You can try it out here: Launch the Python Code Audit Web Scanner