Zero-config • GitHub Actions • pip-audit

Python Security Audit Recipe

A tiny, powerful workflow to keep your Python dependencies safe—with smart issues, clean reports, and no yak‑shaving.

Works with any Python project • 30s setup • Weekly scans by default

🔍 Multi‑Tool Ready

Ships with pip-audit and slots for Bandit/Semgrep—toggle what you need.

⚡ Zero Config

Drop in the workflow—get issues, artifacts, and status without touching a line of code.

🔔 Smart Signals

Noise‑free GitHub issues when vulnerabilities appear; auto‑close when clean.

Quick FAQs

Will it spam me with issues?

No! It's smart—creates one issue when vulnerabilities are found, updates it with new scans, and auto-closes when everything is clean.

Can I fail CI when vulnerabilities are found?

Yes—the workflow can be configured to fail your CI/CD pipeline when vulnerabilities are detected. Perfect for blocking deployments until security issues are fixed.

Does this work with private repositories?

Absolutely! Works with both public and private repos. Private repos get 2,000 free GitHub Actions minutes per month.

Where do I see results?

In Actions → Artifacts (JSON/Markdown reports) and an auto-managed GitHub Issue with detailed vulnerability info and fix instructions.

Ready to secure your repo?

Start with one command—or grab the minimal YAML and go.
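To make the "fail CI" and "results in Artifacts" answers above concrete, here is an added illustration of what such a minimal workflow can look like; it is not the recipe's own YAML, calls pip-audit directly rather than this project's action, does not include the auto-managed issue feature, and assumes the dependencies are pinned in a requirements.txt at the repository root.

```yaml
# Added illustration, not the recipe's own workflow file: a minimal GitHub Actions
# workflow that runs pip-audit weekly and on pushes, keeps a JSON report as an
# artifact, and fails the job when a known vulnerability is found.
# Assumption: dependencies are listed in requirements.txt at the repo root.
name: Python security audit

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # weekly, Monday 06:00 UTC
  workflow_dispatch:

permissions:
  contents: read          # least privilege: the audit only needs to read the repo

jobs:
  pip-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install pip-audit
        run: python -m pip install --upgrade pip pip-audit

      # pip-audit exits non-zero when a vulnerable package is found, which fails
      # the job and blocks a merge/deploy gated on this workflow. --strict also
      # fails when a dependency could not be resolved or inspected, so a silently
      # skipped package cannot mask a finding.
      - name: Audit dependencies (JSON report, non-zero exit on findings)
        run: |
          pip-audit -r requirements.txt --strict --desc \
            --format json --output pip-audit-report.json

      # Keep the report even when the audit step failed, so the findings
      # are available under Actions -> Artifacts for triage.
      - name: Upload report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: pip-audit-report
          path: pip-audit-report.json
```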