A powerful Python CLI tool that scans GitHub repositories for security patterns and vulnerable code. Run Semgrep and CodeQL analysis at scale.
Built for developers and security researchers who need to find and analyze vulnerable patterns at scale.
Automatically clone and run Semgrep analysis on discovered repositories. Use built-in security rules or provide your own custom patterns for targeted scanning.
Deep semantic security scanning with CodeQL. Detect complex vulnerabilities that require code flow analysis rather than simple pattern matching.
Write your own patterns for specialized security research with full flexibility.
See how Scanipy helps discover real vulnerabilities in popular open source projects.
Use Scanipy to search GitHub for dangerous code patterns like pickle.loads across Python repositories.
Scanipy automatically clones matching repos and runs Semgrep analysis with security-focused rule sets.
Review findings, confirm the vulnerability, and prepare a responsible disclosure.
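As an added illustration of the kind of pattern check the workflow above relies on (this is example code written for this page, not Scanipy's own code, and it does not use Scanipy's CLI or rule files), the following Python script walks a module's AST and flags calls that unpickle data. It resolves `import pickle as p` and `from pickle import loads as x` aliases so renamed imports are not missed, which a plain text grep for `pickle.loads` would overlook. The `SAMPLE` module at the bottom is constructed for the demo and is not taken from any real project.

```python
"""Minimal static finder for pickle deserialization calls (example code, not Scanipy's).

Walks a Python module's AST and reports every call to pickle.load/pickle.loads,
including calls made through module or function aliases.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Functions that deserialize untrusted bytes/streams and can run arbitrary code.
UNSAFE_FUNCS = {"load", "loads"}
# Module names that expose those functions.
PICKLE_MODULES = {"pickle", "_pickle", "cPickle"}


@dataclass(frozen=True)
class Finding:
    line: int
    col: int
    call: str  # canonical name, e.g. "pickle.loads"


class PickleFinder(ast.NodeVisitor):
    def __init__(self) -> None:
        self.module_aliases: dict[str, str] = {}  # local name -> pickle module name
        self.func_aliases: dict[str, str] = {}    # local name -> "pickle.loads"
        self.findings: list[Finding] = []

    def visit_Import(self, node: ast.Import) -> None:
        # `import pickle` / `import pickle as pk`
        for alias in node.names:
            if alias.name in PICKLE_MODULES:
                self.module_aliases[alias.asname or alias.name] = alias.name
        self.generic_visit(node)

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        # `from pickle import loads` / `from pickle import loads as unpack`
        if node.module in PICKLE_MODULES:
            for alias in node.names:
                if alias.name in UNSAFE_FUNCS:
                    self.func_aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        f = node.func
        if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
            # `pk.loads(...)` where pk is bound to a pickle module
            if f.value.id in self.module_aliases and f.attr in UNSAFE_FUNCS:
                canonical = f"{self.module_aliases[f.value.id]}.{f.attr}"
                self.findings.append(Finding(node.lineno, node.col_offset, canonical))
        elif isinstance(f, ast.Name) and f.id in self.func_aliases:
            # bare `loads(...)` / `unpack(...)` imported from a pickle module
            self.findings.append(Finding(node.lineno, node.col_offset, self.func_aliases[f.id]))
        self.generic_visit(node)


def find_pickle_calls(source: str) -> list[Finding]:
    """Return all pickle deserialization call sites found in `source`."""
    finder = PickleFinder()
    finder.visit(ast.parse(source))
    return finder.findings


# Constructed sample module for the demo (not from any real project).
SAMPLE = '''
import pickle as pk
from pickle import loads as unpack
import json

def handle(msg: bytes):
    data = pk.loads(msg)        # flagged: aliased module
    other = unpack(msg)         # flagged: aliased function
    safe = json.loads(msg)      # not flagged
    return data, other, safe
'''

if __name__ == "__main__":
    for fnd in find_pickle_calls(SAMPLE):
        print(f"line {fnd.line}, col {fnd.col}: {fnd.call}")
```

Running the script reports the two unpickling calls in `SAMPLE` and ignores `json.loads`. A finder like this only answers "where is pickle used"; whether the bytes reaching it are attacker-controlled (as in the multi-server message path described in the case study below) is the follow-up question that Semgrep or CodeQL data-flow rules, and then manual review, are there to answer.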
python-socketio — Arbitrary code execution (RCE) through malicious pickle deserialization in multi-server deployments.
Discoverer: locus-x64
From install to first scan in under a minute.
Comprehensive guides, active community, and open source collaboration. Get the help you need.