AuraBorealisApp : A Tool For Visualizing Python Package Registry Security Audit Data

AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit data produced by scanning the Python Package Index (PyPI) via Aura, a static analysis designed for large scale security auditing of Python packages. The current tool is a proof-of-concept, and includes some live Aura data, as well as some mockup data for demo purposes.

Current features include:

  • Scanning the entire python package registry to:
    • List packages with the highest number of security warnings, sorted by Aura warning type
    • List packages sorted by the total and unique count of warnings
    • List packages by their overall severity score
  • Displaying security warnings for an individual package, sorted by criticality
  • Visualize the line numbers and lines of code in files generating security warnings for a specific package
  • Compare two packages for security warnings

Instructions

Turn on your VPN (at IQT)

Clone the repository.

git clone https://github.com/IQTLabs/AuraBorealisApp.git

Navigate to aura-borealis-flask-app directory.

cd aura-borealis-flask-app

Install dependencies.

pip install -r requirements.txt

Run the app.

python app.py

Navigate to the URL http://0.0.0.0:7000/ via a browser.

R K

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

6 days ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

6 days ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

7 days ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

7 days ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

7 days ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

1 week ago