OBLAIDISH NEWS
Netra Security launches Python SAST tool
Netra Security, a student-led open-source project, releases a Python static analysis engine that detects seven critical vulnerability patterns using AST inspection, offering a lightweight alternative to enterprise scanners [DevTo].

Netra Security released its first open-source version, a static application security testing tool written in Python that scans source code for seven high-severity vulnerability patterns [DevTo]. The tool uses Python's built-in ast module to walk the abstract syntax tree and matches only genuine function-call nodes (ast.Call) rather than every textual occurrence of a name, which reduces false positives [Python Docs].

The current engine reports findings with rule ID, severity, line number, and remediation advice. The rule set includes:

  • NETRA-001 – Command Injection (Critical)
  • NETRA-002 – Code Injection (Critical)
  • NETRA-003 – Hardcoded Password (High)
  • NETRA-004 – Hardcoded API Key (High)
  • NETRA-005 – Arbitrary Code Execution (Critical)
  • NETRA-006 – Insecure Deserialization (High)
  • NETRA-007 – Dangerous Subprocess Usage (High)

A sample run on a test script produced five findings, all correctly mapped to the offending lines [DevTo]. The tool can export results as JSON or CSV and is packaged for pip installation. Planned extensions include multi-file project scanning, a Flask-based web dashboard, and CI/CD integration via GitHub Actions.
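To show how AST-based matching of real call nodes (rather than string or comment occurrences) produces findings of the kind listed above, here is an added example written for this article; it is not Netra Security's code. The rule table reuses the article's rule IDs, but the callee names, remediation text, and the sample script are this example's own constructed assumptions.

```python
import ast

# Constructed rule table keyed by callee name. Rule IDs follow the article's
# list; which callees map to which rule is this example's assumption.
CALL_RULES = {
    "os.system":    ("NETRA-001", "Critical", "use subprocess.run([...]) without a shell"),
    "eval":         ("NETRA-002", "Critical", "use ast.literal_eval or a real parser"),
    "exec":         ("NETRA-005", "Critical", "replace with explicit dispatch"),
    "pickle.loads": ("NETRA-006", "High",     "use json or a schema-validated format"),
}
SUBPROCESS = {"subprocess.run", "subprocess.call", "subprocess.Popen"}
SECRET_NAMES = {"password", "passwd", "api_key", "apikey", "secret"}

def callee_name(call):
    """Dotted name of a Call's callee ('os.system', 'eval'), or None if dynamic."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None

def scan_source(source):
    """Return (rule_id, severity, line, remediation) tuples for one file's text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):   # only real calls, never strings or comments
            name = callee_name(node)
            if name in CALL_RULES:
                rid, sev, fix = CALL_RULES[name]
                findings.append((rid, sev, node.lineno, fix))
            elif name in SUBPROCESS and any(
                    kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True for kw in node.keywords):
                findings.append(("NETRA-007", "High", node.lineno, "drop shell=True and pass an argv list"))
        elif (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
              and isinstance(node.value.value, str)):
            for tgt in node.targets:   # string literal assigned to a secret-looking name
                if isinstance(tgt, ast.Name) and tgt.id.lower() in SECRET_NAMES:
                    rid = "NETRA-004" if "key" in tgt.id.lower() else "NETRA-003"
                    findings.append((rid, "High", node.lineno, "load secrets from the environment or a vault"))
    return sorted(findings, key=lambda f: f[2])

# Constructed sample input: lines 2 and 3 mention risky names without calling them.
SAMPLE = '''import os, pickle, subprocess
note = "never call eval() on user input"
# os.system is banned in this code base
password = "hunter2"
os.system("ls " + note)
subprocess.run("ls " + note, shell=True)
pickle.loads(b"")
eval(note)
'''

if __name__ == "__main__":
    for rid, sev, line, fix in scan_source(SAMPLE):
        print(f"{rid} [{sev}] line {line}: {fix}")
```

Lines 2 and 3 of the sample produce no findings because the scanner inspects ast.Call nodes, not raw text.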

Netra Security fills the niche between ad-hoc script checks and heavyweight platforms, giving Python shops a zero-cost entry point while exposing the trade-offs of rule-based analysis [DevTo]. As the project matures, its community-driven rule expansion could make it a viable competitor for lightweight CI pipelines.
