We use cookies to ensure you get the best experience on our website.Read moreRead moreGot it

close
  • Products
    • Products
      • Snyk Open Source
        Avoid vulnerable dependencies
      • Snyk Code
        Secure your code as it’s written
      • Snyk Container
        Keep your base images secure
      • Snyk Infrastructure as Code
        Fix misconfigurations in the cloud
    • Platform
      • What is Snyk?
        See Snyk’s developer-first security platform in action
      • Developer Security Platform
        Secure all the components of the modern cloud native application in a single platform
      • Security Intelligence
        Access our comprehensive vulnerability data to help your own security systems
      • License Compliance Management
        Manage open source license usage in your projects
    • Self-paced security education with Snyk Learn
  • Resources
    • Using Snyk
      • Documentation
      • Vulnerability intelligence
      • Product training
      • Customer success
      • Support portal & FAQ’s
    • learn & connect
      • Blog
      • Community
      • Events & webinars
      • DevSecOps hub
      • Developer & security resources
    • Self-paced security education with Snyk Learn
  • Company
    • About Snyk
    • Customers
    • Partners
    • Newsroom
    • Snyk Impact
    • Contact us
    • Jobs at Snyk We are hiring
  • Pricing
Log inBook a demoSign up
All articles
  • Application Security
  • Cloud Native Security
  • DevSecOps
  • Engineering
  • Partners
  • Snyk Team
  • Show more
    • Vulnerabilities
    • Product
    • Ecosystems
PyCharm plugin
EcosystemsProduct

Helping Python developers shift security left with a new PyCharm plugin

Daniel BermanSeptember 8, 2020

We’re happy to announce Snyk’s brand new PyCharm plugin, helping Python developers find and fix security and license issues in their open source dependencies as early as their first lines of code! 

Tackling vulnerabilities within the IDE is an important part of shifting security left and enabling developers to take on more responsibility for security as part of their existing workflows. The 2020 “Modern Application Development Security” report by ESG highlights this capability as one of the 10 key elements of an effective AppSec program. 

This new PyCharm plugin complements Snyk’s existing list of IDE integrations for IntelliJ and Eclipse, providing developers with wide coverage across a variety of ecosystems and enabling them to shift security as far left as possible.

Snyk for Python

As one of the most popular programming languages used today, it should come as no surprise that Snyk monitors thousands of Python projects a month.  Helping our Python users—and the Python community as a whole—to keep their applications secure and compliant is a top priority for us and we’ve continuously invested in introducing new capabilities and enhancing existing ones. 

Python applications can be tested via CLI or using our Git-based integrations for GitHub, Bitbucket, and Gitlab. Earlier this year, we added support for automated remediation, helping Python developers not only find vulnerabilities but also quickly fix them with the help of automatic fic pull requests triggered when a new vulnerability is found. 

Providing a native integration for PyCharm was the next step. Being the most popular tool for Python development (with a 54% combined share for PyCharm Professional and Community editions, according to the JetBrains 2020 State of Developer Ecosystem survey), we wanted to ensure Python developers had the ability to easily integrate security and license compliance testing into their favorite development tool. 

PyCharm plugin key features

Snyk’s PyCharm plugin identifies security vulnerabilities and licenses compliance issues in your open source dependencies. It runs automatically and highlights the issues within the IDE so they can be fixed quickly.

  • Easy to use: the plugin can easily be installed either from within PyCharm itself or via the marketplace.
  • Comprehensive and actionable: results show both security vulnerabilities and license issues, together with contextual and actionable remediation information. The plugin supports Pip, pipenv, and PyPi.
  • Accurate: the plugin is based on the Snyk CLI, which in turn scans your dependencies and correlates finding with the Snyk Intel vulnerability database—the most comprehensive, timely, and accurate vulnerability database in the market.

Getting started

The Snyk PyCharm plugin is free but to use it you need to be a Snyk user. 

Before you start, make sure you are signed into the Snyk app and that your Python dependencies have been installed. 

To install the plugin from within PyCharm, go to Preferences → Plugins, and search for Snyk. 

getting started with Snyk pycharm plugin step 1

Hit the Install button – PyCharm downloads and installs the latest version of the Snyk CLI and a new Snyk tab appears at the bottom of PyCharm.

getting started with Snyk pycharm plugin step 2

Before you start your first scan, be sure to authenticate your Snyk account. To do this, simply retrieve your API token from within Snyk and add it in the plugin’s settings, at Preferences → Tools → Snyk:

getting started with Snyk pycharm plugin step 3

Once successfully authenticated, open the Snyk tab and hit the Scan button to commence Snyk’s security testing. Within a few seconds, should the plugin identify any vulnerabilities, a list of issues will be displayed:

getting started with Snyk pycharm plugin step 4

Scan results contain a wealth of information to help facilitate a quick fix, including the severity level for the vulnerability (based on CVSS) and the title/type of vulnerability. Additional details about the vulnerability expose how it was introduced by information on available exploits in the wild while an overview of the vulnerability explains how it can be exploited.

In terms of remediation, the Snyk plugin will help you fix the vulnerability by recommending the upgrade required. Snyk will always recommend the minimal path required to fix the specific issue to ensure minima risk of breakage. 

A link at the bottom of the issue details leads you to Snyk’s vulnerability database where you can see additional details on the vulnerability such as its CVE, CWE, CVSS score, and more:

Snyk vulnerability DB example

Endnotes

This is the first version of this plugin and we are planning to add additional improvement in the near future. In the meantime, please feel free to send us any feedback you may have so we can prioritize the next set of features!

Happy coding!

Log4Shell resource center

We’ve created an extensive library of Log4Shell resources to help you understand, find and fix this Log4j vulnerability.

Browse Resources
Footer Wave Top
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment
Develop Fast.
Stay Secure.
Snyk|Open Source Security Platform
Sign up for freeBook a demo

Product

  • Developers & DevOps
  • Vulnerability database
  • Pricing
  • Test with GitHub
  • API status
  • IDE plugins
  • What is Snyk?

Resources

  • Snyk Learn
  • Blog
  • Security fundamentals
  • Resources for security leaders
  • Documentation
  • Snyk API
  • Disclosed vulnerabilities
  • Open Source Advisor
  • FAQs
  • Website scanner
  • Japanese site
  • Audit services
  • Web stories

Company

  • About
  • Snyk Impact
  • Customers
  • Jobs at Snyk
  • Snyk for government
  • Legal terms
  • Privacy
  • Press kit
  • Events
  • Security and trust
  • Do not sell my personal information

Connect

  • Book a demo
  • Contact us
  • Support
  • Report a new vuln

Security

  • JavaScript Security
  • Container Security
  • Kubernetes Security
  • Application Security
  • Open Source Security
  • Cloud Security
  • Secure SDLC
  • Cloud Native Security
  • Secure coding
  • Python Code Examples
  • JavaScript Code Examples
Snyk|Open Source Security Platform

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

Resources

  • Snyk Learn
  • Blog
  • Security fundamentals
  • Resources for security leaders
  • Documentation
  • Snyk API
  • Disclosed vulnerabilities
  • Open Source Advisor
  • FAQs
  • Website scanner
  • Japanese site
  • Audit services
  • Web stories

Track our development

© 2022 Snyk Limited
Registered in England and Wales
Company number: 09677925
Registered address: Highlands House, Basingstoke Road, Spencers Wood, Reading, Berkshire, RG7 1NT.
Footer Wave Bottom