PyPI - codeaudit - Versions diffs - 1.6.5__tar.gz → 1.7.0__tar.gz - Mend

codeaudit 1.6.5tar.gz → 1.7.0tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (260) hide show

{codeaudit-1.6.5 → codeaudit-1.7.0}/CHANGELOG.md RENAMED Viewed

@@ -1,7 +1,37 @@
 # Change Log
-## Version 1.6.5:
+## Version 1.7.0:
+**Added**
+* **CI Option:** Added a new Continuous Integration (CI) option. (See [issue #24](https://github.com/nocomplexity/codeaudit/issues/24))
+**Documentation**
+* **Fixes & Updates:** Minor documentation fixes and content updates.
+## Version 1.6.6:
+**Added:**
+* Extended checking capabilities for Base64 encoding to improve validation rigor.
+**Changed**
+* Updated `pyproject.toml` configuration to align with the new WebAssembly (WASM) release requirements.
+**Fixed**
+* Resolved compatibility issues and bugs to fully support the new stable WASM version.
+**Documentation**
+* Miscellaneous documentation improvements and updates for clarity and coverage.
+## Version 1.6.5:
 **Added:**

{codeaudit-1.6.5 → codeaudit-1.7.0}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codeaudit
-Version: 1.6.5
+Version: 1.7.0
 Summary: A modern Python security source code analyzer (SAST) based on distrust.
 Project-URL: Documentation, https://github.com/nocomplexity/codeaudit#readme
 Project-URL: Issues, https://github.com/nocomplexity/codeaudit/issues
@@ -23,7 +23,7 @@ Classifier: Topic :: Software Development :: Quality Assurance
 Requires-Python: >=3.11
 Requires-Dist: altair==6.0.0
 Requires-Dist: fire==0.7.1
-Requires-Dist: pandas==3.0.2
+Requires-Dist: pandas>=2.3
 Provides-Extra: test
 Requires-Dist: black; extra == 'test'
 Requires-Dist: pylint; extra == 'test'

{codeaudit-1.6.5 → codeaudit-1.7.0}/docs/_toc.yml RENAMED Viewed

@@ -10,7 +10,11 @@ parts:
   - file: whatissast
   - file: whysast
   - url: https://securitytesting.nocomplexity.com/
-    title: Mastering Security Testing for Python
+    title: Security Testing for Python
+  - url: http://securitybydesign.nocomplexity.com/
+    title: Security By Design
+  - url: https://nocomplexity.github.io/pythonsecurity/
+    title: Python Security Handbook
@@ -27,13 +31,12 @@ parts:
     sections:
     - file: data_egress_implementation
   - file: issues
-  - file: markingissues
-  - file: securecoding
+  - file: markingissues
   - file: complexitycheck
   - file: warnings
   - file: handling_errors
-  - file: implementedvalidations
-  - file: validatetips
+  - file: cimode
+  - file: implementedvalidations
   - file: checksinformation
     sections:
     - file: checks/assert_check

{codeaudit-1.6.5 → codeaudit-1.7.0}/docs/astlines.md RENAMED Viewed

@@ -109,5 +109,3 @@ def example():
 5. **Why the Difference Matters**
 - `wc -l` is useful for getting a raw count of lines in a file, often used for file statistics or quick checks.
 - `count_ast_lines` is more relevant for analyzing **executable code complexity** or **code coverage**, as it focuses on lines that represent actual Python syntax nodes, ignoring non-executable content like comments or blank lines.
-Let me know if you need further examples or clarification!

codeaudit-1.7.0/docs/checks/base64_check.md ADDED Viewed

@@ -0,0 +1,88 @@
+# Base64 Statements
+The Python Code Audit tool detects obfuscated content, particularly code that uses `base64` (and related encodings) for encoding or decoding data.
+It specifically checks for the following calls:
+* `base64.b64decode`
+* `base64.b64encode`
+* `base64.b85encode`
+* `base64.z85decode`
+## Rationale
+Obfuscation using Base64 is a **long-standing and simple technique** commonly employed to conceal malicious code in Python projects. It enables attackers to hide payloads that would otherwise be easily identified.
+The use of obfuscated content is uncommon in well-structured, legitimate Python code and is therefore considered a strong indicator of potential security risks.
+It is strongly recommended that any code containing Base64 encoding/decoding be carefully reviewed before deployment to production. **Python Code Audit** performs this check automatically.
+**Key red flags include:**
+* `base64.b64decode` followed immediately by `exec()` or `eval()`
+* Long Base64 strings embedded in Python scripts
+* Constructs such as `exec(base64.b64decode(...))` from untrusted sources
+## Common Malware Patterns
+Base64 encoding patterns are frequently found in Python-based malware and droppers:
+| Pattern              | Code Snippet                                      | Why It Is Detected                              | Implemented |
+|----------------------|---------------------------------------------------|--------------------------------------------------|-------------|
+| Standard b64 + exec | `exec(base64.b64decode(long_string))`            | Extremely common obfuscation technique           | ✅          |
+| Compressed           | `exec(zlib.decompress(base64.b64decode(...)))`   | Suggests larger hidden payload and evasion       | ✅          |
+| Multi-layer          | `base64.b64decode(base64.b64decode(...))`        | Attempts to bypass simple pattern matching       | ✅          |
+| Bytes decode         | `exec(base64.b64decode(data).decode())`          | Hides intent by decoding to string               | ✅          |
+| Using aliases        | `b64 = base64.b64decode; exec(b64(payload))`     | Evasion of basic static analysis                 | ✅          |
+| Z85 / b85            | `base64.b85decode(...)` or `base64.z85decode(...)` | Non-standard encodings often indicate stealth    | ✅          |
+## Security Considerations
+Base encoding does not provide confidentiality. As noted in RFC 4648 (Section 12), care must be taken when implementing base encoding and decoding to avoid introducing vulnerabilities.
+Security considerations section from RFC 4648 (section 12):
+```text
+Security Considerations
+   When base encoding and decoding is implemented, care should be taken
+   not to introduce vulnerabilities to buffer overflow attacks, or other
+   attacks on the implementation.  A decoder should not break on invalid
+   input including, e.g., embedded NUL characters (ASCII 0).
+   If non-alphabet characters are ignored, instead of causing rejection
+   of the entire encoding (as recommended), a covert channel that can be
+   used to "leak" information is made possible.  The ignored characters
+   could also be used for other nefarious purposes, such as to avoid a
+   string equality comparison or to trigger implementation bugs.  The
+   implications of ignoring non-alphabet characters should be understood
+   in applications that do not follow the recommended practice.
+   Similarly, when the base 16 and base 32 alphabets are handled case
+   insensitively, alteration of case can be used to leak information or
+   make string equality comparisons fail.
+   When padding is used, there are some non-significant bits that
+   warrant security concerns, as they may be abused to leak information
+   or used to bypass string equality comparisons or to trigger
+   implementation problems.
+   Base encoding visually hides otherwise easily recognized information,
+   such as passwords, but does not provide any computational
+   confidentiality.  This has been known to cause security incidents
+   when, e.g., a user reports details of a network protocol exchange
+   (perhaps to illustrate some other problem) and accidentally reveals
+   the password because she is unaware that the base encoding does not
+   protect the password.
+   Base encoding adds no entropy to the plaintext, but it does increase
+   the amount of plaintext available and provide a signature for
+   cryptanalysis in the form of a characteristic probability
+   distribution.
+```
+## References
+* [Python Documentation – base64](https://docs.python.org/3/library/base64.html)
+* [RFC 4648 – Security Considerations](https://datatracker.ietf.org/doc/html/rfc4648#section-12)
+* [Base64 Malleability in Practice](https://eprint.iacr.org/2022/361.pdf)

{codeaudit-1.6.5 → codeaudit-1.7.0}/docs/checks/exception_check.md RENAMED Viewed

@@ -1,15 +1,26 @@
-# Exception statements
+## Exception Statements
-Codeaudit checks the `onpass` in a except block.
+Codeaudit detects the use of `pass` within an `except` block.
-The Python code `try: do_some_stuff() except Exception: pass` presents potential security risks due to its overly broad exception handling and silent failure option.
+The Python pattern:
+```python
+try:
+    do_some_stuff()
+except Exception:
+    pass
+```
-This also applies when using `continue`!
+presents potential security risks due to:
+- **Overly broad exception handling** – catching `Exception` masks virtually all errors
+- **Silent failure** – using `pass` suppresses all evidence that something went wrong
+This security concern also applies when using `continue` inside an exception block, as it similarly bypasses error reporting.
+**Python Code Audit detects:**
+- `pass` statements in exception clauses
+- `continue` statements in exception clauses
-So Codeaudit also checks on:
-*  `pass` and
-* `continue`
-statements in exception clauses.
 ## Background

codeaudit-1.7.0/docs/cimode.md ADDED Viewed

@@ -0,0 +1,276 @@
+# CI Integration
+Python Code Audit is a fast, local-first SAST tool for analysing Python code and detecting potential security weaknesses. While it is particularly useful for auditing third-party code, it should also be run regularly on your own projects to ensure continuous security validation.
+Python Code Audit integrates easily into CI/CD pipelines and standard code quality workflows. A CI job can be configured in just a few steps, supporting our goal of simple, effective security tooling. This allows you to focus on reviewing findings and applying fixes based on [Security by Design principles](https://nocomplexity.github.io/securitybydesign/securityprinciples/).
+If you have improvements or CI configuration tips, contributions via pull requests to this documentation are welcome.
+:::{note}
+[Data Exfiltration Detection functionality](data_exfiltration_detection) is not yet available in CI pipelines.
+:::
+:::{admonition} By default, CI scan mode uses the same analysis engine as the CLI version
+:class: important
+So Keep in mind:
+* [Some directories are excluded from SAST scanning](excluded_directories)
+* Findings marked with [markissues-label](markissues-label) are ignored by default in CI mode
+:::
+## CI Mode Command
+CI mode is enabled using the following CLI command:
+```bash
+codeaudit cimode [file|directory] [--output text|html|json] [--nosec True|False]
+```
+### Default behaviour
+* Output format: `text`
+* `nosec=True` (ignores lines marked with `# nosec`)
+### Quick Test Run
+You can test CI mode locally before integrating it into your pipeline:
+```bash
+codeaudit cimode .
+```
+Here, `.` represents the current working directory.
+### Command Options
+| Option         | Description                                                |
+| -------------- | ---------------------------------------------------------- |
+| `-o, --output` | Output format: `text`, `html`, or `json` (default: `text`) |
+| `-n, --nosec`  | Ignore findings marked with `# nosec` (default: `True`)    |
+## GitLab CI Integration
+Integrating Python Code Audit with [GitLab.com](https://gitlab.com) is straightforward and can be completed in just a few minutes.
+For GitLab CI jobs, it is recommended to always save **artifacts**, even when the job fails. This ensures that scan results are available for review in all cases. It is especially useful when using the HTML report format, as it allows you to quickly view findings directly in the browser via the CI artifacts interface.
+If needed, you can also export the `json` output for further processing in a separate secure environment, for example to integrate results into dashboards, ticketing systems, or additional analysis pipelines.
+### HTML report example
+```yml
+# SAST scan with Python Code Audit on GitLab.com
+image: python:3.13-slim
+stages:
+  - scan
+codeaudit-scan:
+  stage: scan
+  before_script:
+    - python -m pip install --upgrade pip
+  script:
+    - pip install codeaudit
+    - codeaudit --version
+    - codeaudit cimode . --output html > codeaudit-output.html
+  allow_failure: true
+  artifacts:
+    when: always
+    name: "codeaudit-${CI_COMMIT_REF_NAME}"
+    paths:
+      - codeaudit-output.html
+    expire_in: 1 week
+    expose_as: "Python Code Audit Report"
+```
+If a scan detects security weaknesses, the job will fail by default. In many workflows, it is common to allow CI failures so that issues are visible without blocking all development activity.
+After the job completes, results are available in the CI **artifacts**. Use *Browse artifacts* to open the HTML report directly in your browser.
+### Plain Text Output Example
+For simple readable output in CI logs:
+```yaml
+codeaudit-scan:
+  stage: scan
+  before_script:
+    - python -m pip install --upgrade pip
+  script:
+    - pip install codeaudit
+    - codeaudit --version
+    - codeaudit cimode . | tee codeaudit-output.txt
+  allow_failure: true
+  artifacts:
+    when: always
+    name: "codeaudit-${CI_COMMIT_REF_NAME}"
+    paths:
+      - codeaudit-output.txt
+    expire_in: 1 week
+    expose_as: "Python Code Audit Report"
+```
+### JSON Output Example
+For structured processing or integration with other tools:
+```yml
+codeaudit-scan:
+  stage: scan
+  before_script:
+    - python -m pip install --upgrade pip
+  script:
+    - pip install codeaudit
+    - codeaudit --version
+    - codeaudit cimode . --output json | tee codeaudit-output.json
+  allow_failure: true
+  artifacts:
+    when: always
+    name: "codeaudit-${CI_COMMIT_REF_NAME}"
+    paths:
+      - codeaudit-output.json
+    expire_in: 1 week
+    expose_as: "Python Code Audit Report"
+```
+## GitHub.com CI Integration
+### For readable output in CI logs
+You can use the following example CI configuration:
+```yaml
+# SAST scan with Python Code Audit on GitHub Actions
+name: Python Code Audit SAST Scan
+on:
+  push:
+  pull_request:
+jobs:
+  codeaudit-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+      - name: Upgrade pip
+        run: python -m pip install --upgrade pip
+      - name: Install Python Code Audit
+        run: pip install codeaudit
+      - name: Show version
+        run: codeaudit --version
+      - name: Run SAST scan
+        run: |
+           codeaudit cimode . --output text | tee codeaudit-output.text
+           exit ${PIPESTATUS[0]}
+      - name: Upload scan artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: codeaudit-${{ github.ref_name }}
+          path: codeaudit-output.text
+```
+### HTML output
+```yaml
+# SAST scan with Python Code Audit on GitHub Actions
+name: Python Code Audit SAST Scan
+on:
+  push:
+  pull_request:
+jobs:
+  codeaudit-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+      - name: Upgrade pip
+        run: python -m pip install --upgrade pip
+      - name: Install Python Code Audit
+        run: pip install codeaudit
+      - name: Show version
+        run: codeaudit --version
+      - name: Run SAST scan (HTML output)
+        run: codeaudit cimode . --output html > codeaudit-output.html
+      - name: Upload scan artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: codeaudit-${{ github.ref_name }}
+          path: codeaudit-output.html
+```
+On GitHub Actions, HTML reports are **not rendered directly in the browser** like a live page. They are stored as **workflow artifacts**.
+To download SAST result artifacts from the workflow run:
+After the job finishes:
+1. Go to your repository on GitHub
+2. Open the **Actions** tab
+3. Select the workflow run
+4. Scroll to the **Artifacts** section
+5. Download the artifact (usually a `.zip` file)
+6. Extract it locally
+7. Open `codeaudit-output.html` in your browser

{codeaudit-1.6.5 → codeaudit-1.7.0}/docs/codeauditcommands.md RENAMED Viewed

@@ -1,6 +1,6 @@
 % THIS FILE IS GENERATED! - Use CLIcommands.ipynb to make it better!
 # Commands Overview
-Python Code Audit commands for: version: 1.6.5rc4
+Python Code Audit commands for: version: 1.7.0
 ```
 ----------------------------------------------------
  _                    __             _

{codeaudit-1.6.5 → codeaudit-1.7.0}/docs/examples/codeauditchecks.html RENAMED Viewed

@@ -252,10 +252,28 @@ footer {
       <td>Assertions are for debugging and development. Assertions can be disabled during runtime. Use in production can introduce vulnerabilities.</td>
     </tr>
     <tr>
-      <td>Base64 Encoding</td>
-      <td>base64</td>
+      <td>Base64 Decoding</td>
+      <td>base64.b64decode</td>
+      <td>Medium</td>
+      <td>Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.</td>
+    </tr>
+    <tr>
+      <td>Base64 Decoding</td>
+      <td>base64.b64encode</td>
       <td>Low</td>
-      <td>Base64 encoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.</td>
+      <td>Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.</td>
+    </tr>
+    <tr>
+      <td>Base64 Decoding</td>
+      <td>base64.b85encode</td>
+      <td>Low</td>
+      <td>Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.</td>
+    </tr>
+    <tr>
+      <td>Base64 Decoding</td>
+      <td>base64.z85decode</td>
+      <td>Medium</td>
+      <td>Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.</td>
     </tr>
     <tr>
       <td>BZ2 File Handling</td>
@@ -744,4 +762,4 @@ footer {
       <td>Vulnerable to path traversal attacks if used with untrusted archives.</td>
     </tr>
   </tbody>
-</table><br><p>Number of implemented security validations:<b>84</b></p><p>Version of codeaudit: <b>1.6.5rc4</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-05-11 16:12</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.6.5rc4</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>
+</table><br><p>Number of implemented security validations:<b>87</b></p><p>Version of codeaudit: <b>1.7.0</b><p>Because Python and cybersecurity are constantly changing, issue reports <b>SHOULD</b> specify the codeaudit version used.</p><p><b>Disclaimer:</b> <i>This SAST tool <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> provides a powerful, automatic security analysis for Python source code. However, it's not a substitute for human review in combination with business knowledge. Undetected vulnerabilities may still exist.</i></p><p>This Python security report was created on: <b>2026-06-10 15:54</b> with <a href="https://github.com/nocomplexity/codeaudit" target="_blank"><b>Python Code Audit</b></a> version <b>1.7.0</b></p><hr><footer><div class="footer-links">Check the <a href="https://nocomplexity.com/documents/codeaudit/intro.html" target="_blank">documentation</a> for help on found issues.<br>Codeaudit is made with <span class="heart">&#10084;</span> by cyber security professionals who advocate for <a href="https://nocomplexity.com/simplify-security/" target="_blank">open simple security solutions</a>.<br><a href="https://nocomplexity.com/documents/codeaudit/CONTRIBUTE.html" target="_blank">Join the community</a> and contribute to make this tool better!</div></footer></div></body></html>

{codeaudit-1.6.5 → codeaudit-1.7.0}/docs/examples/demoscan.json RENAMED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "Python_Code_Audit",
-  "version": "1.6.5rc4",
-  "generated_on": "2026-05-11 16:12",
+  "version": "1.7.0",
+  "generated_on": "2026-06-10 15:54",
   "file_security_info": {
     "0": {
       "FileName": "demofile.py",
@@ -212,6 +212,20 @@
           "info": "This function can be used to execute arbitrary code or crash the Python interpreter.",
           "code": "<pre><code class='language-python'>compile(&#x27;nasty-string&#x27; ,&#x27;malware.bin&#x27;,mode=single, flags=0, dont_inherit=False, optimize=-1)</code></pre>"
         },
+        "238": {
+          "line": 238,
+          "validation": "base64.b64encode",
+          "severity": "Low",
+          "info": "Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.",
+          "code": "<pre><code class='language-python'>import base64\nencoded = base64.b64encode(b&#x27;data to be encoded&#x27;)\ndata = base64.b64decode(encoded)</code></pre>"
+        },
+        "239": {
+          "line": 239,
+          "validation": "base64.b64decode",
+          "severity": "Medium",
+          "info": "Base64 encoding/decoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.",
+          "code": "<pre><code class='language-python'>encoded = base64.b64encode(b&#x27;data to be encoded&#x27;)\ndata = base64.b64decode(encoded)</code></pre>"
+        },
         "244": {
           "line": 244,
           "validation": "http.server.BaseHTTPRequestHandler",
@@ -459,20 +473,6 @@
           "info": "Parsing untrusted logging configurations can lead to vulnerabilities if not handled correctly.",
           "code": "<pre><code class='language-python'>logging.config.fileConfig(fname, defaults=None, disable_existing_loggers=True, encoding=None)\n#&lt;END LOGGING checks&gt;</code></pre>"
         },
-        "238": {
-          "line": 238,
-          "validation": "base64",
-          "severity": "Low",
-          "info": "Base64 encoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.",
-          "code": "<pre><code class='language-python'>import base64\nencoded = base64.b64encode(b&#x27;data to be encoded&#x27;)\ndata = base64.b64decode(encoded)</code></pre>"
-        },
-        "239": {
-          "line": 239,
-          "validation": "base64",
-          "severity": "Low",
-          "info": "Base64 encoding is not for security. It only visually hides data and provides no confidentiality. Often used to obfuscate malware in code.",
-          "code": "<pre><code class='language-python'>encoded = base64.b64encode(b&#x27;data to be encoded&#x27;)\ndata = base64.b64decode(encoded)</code></pre>"
-        },
         "316": {
           "line": 316,
           "validation": "pickle.load",

{codeaudit-1.6.5 → codeaudit-1.7.0}/docs/features.md RENAMED Viewed

@@ -1,7 +1,7 @@
 # Features
+**Python Code Audit** is a modern security-focused source code analysis tool for Python, built on a **zero-trust** mindset. It identifies security risks, hidden behaviours, and trust boundaries without ever executing the code. This makes it safe to use on both your own projects and third-party code.
-**Python Code Audit** is a modern Python **security** source code analysis tool built on a *zero-trust* mindset. It focuses on identifying security risks, hidden behaviors, and trust boundaries in Python code—without executing it.
 :::{admonition} Key Features of Python Code Audit
 :class: tip

{codeaudit-1.6.5 → codeaudit-1.7.0}/docs/filescan.md RENAMED Viewed

@@ -33,6 +33,8 @@ Per line a the in construct that can cause a security risks is shown, along with
 ![Example view of filescan report](filescan.png)
+(excluded_directories)=
+## Excluded directories
 :::{note}
 The `codeaudit filescan` command does **NOT** include all directories. This is done on purpose!

codeaudit-1.7.0/docs/installation.md ADDED Viewed

@@ -0,0 +1,45 @@
+# Installation
+Python Code Audit is compatible with both Unix-based systems (Linux/macOS) and Windows.
+## Try without installation
+You can use Python Code Audit without installing it on your system:
+```{button-link} https://nocomplexity.com/codeauditapp/dashboardapp.html
+:color: danger
+Launch web-based version
+```
+:::{note}
+The browser-based version runs 100% locally; however, please note that not all functionality is available. You can perform a security scan on packages available from PyPI.
+:::
+## Install for full functionality
+To enable all features of Python Code Audit, install the package locally.
+### Installation command
+To install or upgrade to the latest version, run the following command in your terminal or command prompt:
+```bash
+pip install -U codeaudit
+```
+### Verify your installation
+Once the installation is complete, you can begin scanning Python packages immediately. Open a new shell or Command Prompt window and execute any of the Python Code Audit commands to verify the setup.
+### Example usage
+```bash
+codeaudit filescan ultrafastrss
+```
+This command scans the `ultrafastrss` package directly from PyPI.org and generates an HTML report.
+:::{hint}
+We recommend using `pip` for installation.
+:::

{codeaudit-1.6.5 → codeaudit-1.7.0}/docs/intro.md RENAMED Viewed

@@ -136,7 +136,7 @@ To keep up with current threats, you need a Python Application Security Testing
 :::{note}
 This `Python Code Audit` tool is built to be fast, lightweight, and easy to use.
-By default, the tool scans Python code against more than **84 rules** to detect potential security vulnerabilities. These rules target unsafe constructs of the standard Python libraries that could pose a security risk.
+By default, the tool scans Python code against more than **87 rules** to detect potential security vulnerabilities. These rules target unsafe constructs of the standard Python libraries that could pose a security risk.
 :::

codeaudit 1.6.5__tar.gz → 1.7.0__tar.gz

codeaudit 1.6.5tar.gz → 1.7.0tar.gz