
Pysa: An open source tool to detect and prevent security issues in Python code - jimarcey
https://engineering.fb.com/security/pysa/
======
sinancepel
One of the authors of the blog post and software engineer working on Pysa here
- happy to answer any questions you may have :)

~~~
galtwho
What is the story behind the name?

Was that always the name?

~~~
BerislavLopac
My guess: it's an acronym, probably for "Python security analysis" or
something similar.

------
prepend
This seems like a good idea and the more open source static analyzers the
better. (It really tempts me to eventually pay for GitLab high versions.)

Pysa is part of pyre-check and the documentation [0] seems like a lot of work
to set up and hope it gets better.

I’m used to using safety [1] and bandit [2] and they are one line drop ins to
my builds.

Pysa isn’t the same thing and seems much more powerful but I hope they get to
a “Just give me something useful out of the box and I’ll customize my taint
scans later.”

[0] https://pyre-check.org/docs/pysa-running
[1] https://pypi.org/project/safety/
[2] https://pypi.org/project/bandit/

------
sandGorgon
Can Pysa work on FastAPI? It's fully type-hinted using pydantic.

