Giter VIP home page Giter VIP logo

auraborealisapp's Introduction

AuraBorealis: Do You Know What's In Your Python Packages?

AuraBorealis homepage user interface

About

AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit data produced by scanning the Python Package Index (PyPI) via Aura, a static analysis designed for large scale security auditing of Python packages. The current tool is a proof-of-concept, and includes some live Aura data, as well as some mockup data for demo purposes.

Current features include:

  • Scanning the entire python package registry to:

    • List packages with the highest number of security warnings, sorted by Aura warning type
    • List packages sorted by the total and unique count of warnings
    • List packages by their overall severity score
    • List packages that have changes in their warnings and/or severity score between two dates

  • Displaying security warnings for an individual package, sorted by criticality

  • Visualize the line numbers and lines of code in files generating security warnings for a specific package

  • Compare two packages or different versions of the same package for security warnings

Instructions

Clone the repository.

git clone https://github.com/IQTLabs/AuraBorealisApp.git

Navigate to aura-borealis-flask-app directory.

cd aura-borealis-flask-app

Install dependencies.

pip install requirements.txt

Run the app.

python app.py

Navigate to the URL http://0.0.0.0:5000/ via a browser.

Feature Roadmap

  • Compare a package to a benchmark profile of packages of similar purpose for security warnings
  • Ability to scan an internal package/registry that's not public on PyPI
  • Display an analysis of permissions (does this package make a network connection? Does this package require OS-level library permissions?)

Contact Information

[email protected] (John Speed Meyers, Secure Code Reuse project lead). The lead developer and creator of Aura is Martin Carnogusky of sourcecode.ai.

Related Work

auraborealisapp's People

Contributors

kdobolyi avatar jspeed-meyers avatar monag-ucberkeley avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.