I originally built PySpector because I kept running into two problems with existing Python security scanners:
- performance issues on larger codebases
- lack of deeper analysis (like inter-procedural taint tracking)
PySpector’s approach is:
- a Rust core for fast, parallel analysis (making PySpector 71% faster than Bandit and 16.6x faster than Semgrep)
- Python for orchestration and extensibility
- multi-layered detection using regex, AST analysis, and taint flow tracking
- static rules for LLM/AI model vulnerabilities
- TUI for triaging issues
The project is still in beta and actively evolving. I would love some feedback, and I would (very much) appreciate contributions around:
- security rule design (especially AI Security ones)
- taint analysis
- improvements to the Rust core that improve performance
- developer experience and documentation
If you work on static analysis, security tooling, AppSec or Rust/Python scripting in general, I’d really appreciate your thoughts (and help, if you're feeling generous xD)
Repo: https://github.com/ParzivalHack/PySpector
Website: https://parzivalhack.github.io/PySpector/
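To make "inter-procedural taint tracking" concrete for readers who have not worked on it, here is a minimal AST-based taint scanner added as an illustration. It is not PySpector's code and does not reflect how the project's Rust core is structured; the source/sink lists, the `scan_source` function and the embedded `SAMPLE` program are all constructed for this example. It marks values coming from `input()` or `sys.argv` as tainted, follows them through simple assignments and string concatenation, and when a tainted value is passed to a user-defined function it re-analyses that function's body with the matching parameter marked tainted, so a sink reached only inside the callee is still reported.

```python
import ast

# Constructed source/sink lists for the demo (a real scanner would have far more).
SOURCES = {"input", "sys.argv"}
SINKS = {"os.system", "eval", "exec", "subprocess.call"}


def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintScanner:
    def __init__(self, tree):
        # Index every function definition so calls can be followed into their bodies.
        self.funcs = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}
        self.findings = []   # (function name or '<module>', line, sink)
        self._stack = []     # call stack, used only as a recursion guard

    def _is_tainted(self, expr, tainted):
        """An expression is tainted if any sub-expression is a tainted name or a source."""
        for sub in ast.walk(expr):
            if isinstance(sub, ast.Name) and sub.id in tainted:
                return True
            if isinstance(sub, ast.Call) and dotted(sub.func) in SOURCES:
                return True
            if dotted(sub) in SOURCES:          # e.g. sys.argv used as a value
                return True
        return False

    def _scan_block(self, stmts, tainted, where):
        for stmt in stmts:
            for node in ast.walk(stmt):
                if isinstance(node, ast.Assign):
                    # Propagate taint through plain assignments: x = <tainted expr>
                    if self._is_tainted(node.value, tainted):
                        for target in node.targets:
                            if isinstance(target, ast.Name):
                                tainted.add(target.id)
                elif isinstance(node, ast.Call):
                    fname = dotted(node.func)
                    # Positional args only; keyword args are ignored in this toy version.
                    tainted_args = [i for i, a in enumerate(node.args)
                                    if self._is_tainted(a, tainted)]
                    if not tainted_args:
                        continue
                    if fname in SINKS:
                        self.findings.append((where, node.lineno, fname))
                    elif fname in self.funcs and fname not in self._stack:
                        # Inter-procedural step: enter the callee with the
                        # parameters that received tainted arguments marked tainted.
                        callee = self.funcs[fname]
                        params = [a.arg for a in callee.args.args]
                        callee_tainted = {params[i] for i in tainted_args if i < len(params)}
                        self._stack.append(fname)
                        self._scan_block(callee.body, callee_tainted, fname)
                        self._stack.pop()

    def scan_module(self, tree):
        # Function bodies are analysed only when reached from a call site.
        top_level = [n for n in tree.body if not isinstance(n, ast.FunctionDef)]
        self._scan_block(top_level, set(), "<module>")
        return self.findings


def scan_source(src):
    """Scan Python source text and return a list of (scope, line, sink) findings."""
    tree = ast.parse(src)
    return TaintScanner(tree).scan_module(tree)


# Constructed sample program: one direct flow, one flow through a helper,
# one call into a harmless helper, and one call with a constant argument.
SAMPLE = '''
import os, subprocess

def run(cmd):
    subprocess.call(cmd, shell=True)   # sink reached only via the parameter

def safe(cmd):
    print(cmd)

user = input("host: ")
os.system("ping " + user)              # direct source -> sink flow
run(user)                              # inter-procedural flow
safe(user)                             # tainted, but no sink inside
run("ls")                              # constant argument, no finding
'''

if __name__ == "__main__":
    for scope, line, sink in scan_source(SAMPLE):
        print(f"{scope}: line {line}: tainted data reaches {sink}")
```

Running the block reports two findings: the `os.system` call at module level and the `subprocess.call` inside `run`, which is only reachable because the call `run(user)` carried taint into the `cmd` parameter; `safe(user)` and `run("ls")` produce nothing. A production tool additionally has to handle keyword arguments, return values, containers, loops and aliasing, which is where most of the real complexity (and the performance cost the post mentions) lives.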