Psutil
General Information
| Field | Value |
|---|---|
| Package Name | psutil |
| Manufacturer / Vendor | Giampaolo Rodolà (open-source maintainer) |
| Software Category | Library |
| Primary Documentation | Documentation, GitHub, PyPI |
| Programming Language(s) | Python, C |
| License | BSD-3-Clause |
| Deployed Version(s) | >=7.1.0 (version-locked at 7.1.3 and 7.2.1 across microservices) |
| Most Recent Available Version | 7.2.2 |
| Last Review Date | 2026-01-27 |
Overview
psutil (process and system utilities) is a cross-platform library for retrieving information on running processes and system utilization in Python. It provides a portable interface to access CPU, memory, disk, network, and sensor information across Linux, Windows, macOS, FreeBSD, OpenBSD, NetBSD, and Sun Solaris. The library implements functionality equivalent to UNIX command-line tools such as ps, top, free, df, kill, nice, ionice, iostat, iotop, uptime, and netstat. With Python 3.6+ support and over 10,000 GitHub stars, psutil is among the top 100 most-downloaded Python packages and the de facto standard for system monitoring in the Python ecosystem.
Within the medical device software, psutil serves as the system resource monitoring layer that provides real-time hardware utilization metrics for operational health monitoring and capacity management. It is integrated into the legithp-expert framework and deployed across all 50+ expert microservices. Specifically, psutil is used for:
- CPU monitoring: retrieving CPU utilization percentage via `cpu_percent()`, physical core count via `cpu_count(logical=False)`, and logical thread count via `cpu_count(logical=True)` for capacity assessment
- Memory monitoring: obtaining RAM usage metrics (total, available, used, percentage) via `virtual_memory()` for memory pressure detection
- Disk monitoring: querying filesystem usage (total, used, free, percentage) via `disk_usage()` for storage capacity tracking
- Health endpoints: exposing aggregated resource metrics via the REST API endpoint `GET /system/resources` for operational monitoring and alerting
- Infrastructure support: providing hardware telemetry for deployment capacity planning and resource allocation decisions
The library was selected for its cross-platform portability ensuring consistent behavior across deployment environments, comprehensive coverage of system metrics without requiring platform-specific code, active maintenance with regular releases and security updates, efficient C-based implementation minimizing monitoring overhead, and permissive BSD licensing compatible with commercial medical device software.
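The usage described above, written out as an added example (not code from the legithp-expert framework or from psutil): a small port/adapter boundary around the five psutil calls, the aggregation behind `GET /system/resources`, and a memory-pressure predicate. The port name `SystemMetricsPort`, the adapter `PsutilAdapter`, the path allowlist `ALLOWED_DISK_PATHS`, the 90 % threshold and the `FakeMetricsPort` backend are assumptions made for illustration; the fake backend carries constructed values so the module runs without psutil installed.

```python
"""Resource snapshot behind a port/adapter boundary (added example)."""
from __future__ import annotations

from typing import Protocol

try:
    import psutil  # real backend; optional so this module imports without it
except ImportError:
    psutil = None

# Assumed allowlist: only the mount points the device actually monitors may be
# passed to disk_usage(). Feeding a caller-supplied path straight through would
# let an authenticated caller probe arbitrary mounts, including host volumes.
ALLOWED_DISK_PATHS = frozenset({"/", "/data"})


class SystemMetricsPort(Protocol):
    """The port: everything GET /system/resources needs from a backend."""

    def cpu_percent(self) -> float: ...
    def cpu_count(self, logical: bool) -> int | None: ...
    def memory(self) -> tuple[int, int, int, float]: ...   # total, available, used, percent
    def disk(self, path: str) -> tuple[int, int, int, float]: ...  # total, used, free, percent


class PsutilAdapter:
    """Adapter over the psutil calls listed under FR-001 to FR-005."""

    def __init__(self) -> None:
        if psutil is None:
            raise RuntimeError("psutil is not installed")
        # cpu_percent(interval=None) is computed against the previous call, so
        # the very first call returns a meaningless 0.0: prime it once at startup.
        psutil.cpu_percent(interval=None)

    def cpu_percent(self) -> float:
        return psutil.cpu_percent(interval=None)

    def cpu_count(self, logical: bool) -> int | None:
        return psutil.cpu_count(logical=logical)  # None when psutil cannot determine it

    def memory(self) -> tuple[int, int, int, float]:
        vm = psutil.virtual_memory()
        return vm.total, vm.available, vm.used, vm.percent

    def disk(self, path: str) -> tuple[int, int, int, float]:
        du = psutil.disk_usage(path)
        return du.total, du.used, du.free, du.percent


class FakeMetricsPort:
    """Constructed sample backend with fixed values, so the example runs offline."""

    def cpu_percent(self) -> float:
        return 12.5

    def cpu_count(self, logical: bool) -> int | None:
        return 8 if logical else 4

    def memory(self) -> tuple[int, int, int, float]:
        gib = 1024 ** 3
        return 16 * gib, 2 * gib, 14 * gib, 87.5  # percent = (total - available) / total

    def disk(self, path: str) -> tuple[int, int, int, float]:
        gib = 1024 ** 3
        return 100 * gib, 60 * gib, 40 * gib, 60.0


def is_monitored_path(path: str) -> bool:
    """Allowlist check applied before any path reaches disk_usage()."""
    return path in ALLOWED_DISK_PATHS


def collect_resources(port: SystemMetricsPort, disk_path: str = "/") -> dict:
    """Assemble the GET /system/resources payload from whichever port is wired in."""
    if not is_monitored_path(disk_path):
        raise ValueError(f"path is not monitored: {disk_path!r}")
    total, available, used, mem_pct = port.memory()
    d_total, d_used, d_free, disk_pct = port.disk(disk_path)
    return {
        "cpu": {
            "percent": port.cpu_percent(),
            "physical_cores": port.cpu_count(logical=False),
            "logical_cores": port.cpu_count(logical=True),
        },
        "memory": {"total": total, "available": available, "used": used, "percent": mem_pct},
        "disk": {"path": disk_path, "total": d_total, "used": d_used, "free": d_free, "percent": disk_pct},
    }


def memory_pressure(snapshot: dict, threshold_pct: float = 90.0) -> bool:
    """Alerting predicate for memory pressure detection (the 90 % threshold is an assumption)."""
    return snapshot["memory"]["percent"] >= threshold_pct


if __name__ == "__main__":
    backend = PsutilAdapter() if psutil is not None else FakeMetricsPort()
    snapshot = collect_resources(backend)
    print(snapshot, "memory pressure:", memory_pressure(snapshot))
```

Two points the example makes explicit: `cpu_percent()` needs a priming call or the first sample is always 0.0, and the disk path must never come unfiltered from the request. Inside a container the Linux adapter still reads the host kernel's `/proc`, so `virtual_memory()`, `cpu_count()` and `cpu_percent()` report host totals rather than cgroup limits unless something like lxcfs is mounted; that is another reason to keep the endpoint internal.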
Functional Requirements
The following functional capabilities of this SOUP are relied upon by the medical device software.
| Requirement ID | Description | Source / Reference |
|---|---|---|
| FR-001 | Retrieve current CPU utilization as a percentage | psutil.cpu_percent() function |
| FR-002 | Obtain physical CPU core count | psutil.cpu_count(logical=False) |
| FR-003 | Obtain logical CPU thread count (including hyper-threading/SMT) | psutil.cpu_count(logical=True) |
| FR-004 | Retrieve virtual memory (RAM) usage statistics | psutil.virtual_memory() function |
| FR-005 | Query disk/filesystem usage for a specified path | psutil.disk_usage(path) function |
Performance Requirements
The following performance expectations are relevant to the medical device software.
| Requirement ID | Description | Acceptance Criteria |
|---|---|---|
| PR-001 | System metric retrieval shall complete within acceptable latency bounds | Monitoring operations do not impact inference latency |
| PR-002 | Memory usage of the library itself shall remain minimal | No significant memory overhead from monitoring operations |
| PR-003 | CPU overhead for monitoring shall be negligible | Monitoring does not consume measurable CPU resources |
| PR-004 | Metric values shall accurately reflect actual system state | Reported values correlate with operating system measurements |
Hardware Requirements
The following hardware dependencies or constraints are imposed by this SOUP component.
| Requirement ID | Description | Notes / Limitations |
|---|---|---|
| HR-001 | x86-64 or ARM64 processor architecture | Pre-built wheels available for common platforms |
| HR-002 | Operating system with procfs or equivalent | Linux /proc and /sys, macOS sysctl and Mach APIs, Windows native system APIs called from the C extension (psutil does not use WMI) |
| HR-003 | Standard filesystem for disk usage queries | Requires mounted filesystem at queried path |
Software Requirements
The following software dependencies and environmental assumptions are required by this SOUP component.
| Requirement ID | Description | Dependency / Version Constraints |
|---|---|---|
| SR-001 | Python runtime environment | Python >=3.6 (3.10+ used by the device) |
| SR-002 | C compiler for source builds (optional) | Pre-built wheels eliminate this requirement |
| SR-003 | Operating system APIs for system information | Linux procfs/sysfs, macOS sysctl and Mach APIs, Windows native system APIs (not WMI) |
Known Anomalies Assessment
This section evaluates publicly reported issues, defects, or security vulnerabilities associated with this SOUP component and their relevance to the medical device software.
| Anomaly Reference | Status | Applicable | Rationale | Reviewed At |
|---|---|---|---|---|
| CVE-2019-18874 (Double free vulnerability) | Fixed | No | Affects psutil <=5.6.5 due to refcount mishandling in a loop converting system data to Python objects; fixed in 5.6.6. The device uses version-locked 7.1.3 and 7.2.1, both of which include the fix | 2026-01-27 |
psutil is actively maintained by Giampaolo Rodolà with a strong track record of stability and responsiveness. The project maintains a security policy encouraging private disclosure via Tidelift's coordinated vulnerability response system. According to the GitHub Security Advisories page, there are no published security advisories for the current versions.
The device's usage pattern minimizes attack surface exposure:
- Read-only operations: psutil is used exclusively for reading system metrics; it does not modify system state, terminate processes, or change resource limits
- Internal monitoring only: Resource metrics are exposed via an internal administrative endpoint, not directly accessible to end users or external systems
- No process manipulation: the device does not use psutil's process control capabilities (`kill()`, `nice()`, `ionice()`), only passive monitoring functions
- Version locking: requirements lock files pin psutil at versions 7.1.3 and 7.2.1 across all microservices, ensuring reproducible deployments with all known vulnerabilities addressed
- Container isolation: each microservice runs in an isolated container; the PID namespace limits per-process visibility to the container's own processes. Note that the system-wide metrics read from /proc (`virtual_memory()`, `cpu_count()`, `cpu_percent()`) reflect the host kernel's totals rather than the container's cgroup limits unless a shim such as lxcfs is in use, so these values are treated as host information and exposed only on the internal endpoint
- No network operations: The device does not use psutil's network interface or connection enumeration features
Risk Control Measures
The following risk control measures are implemented to mitigate potential security and operational risks associated with this SOUP component:
- Version locking via requirements_lock.txt files ensures reproducible, auditable deployments with known-secure versions
- Read-only usage pattern eliminates risks associated with process manipulation functions
- Internal administrative endpoint requires authentication and is not exposed to external networks
- Container isolation (PID namespaces) limits process-level visibility to the container's own processes; because system-wide /proc metrics still reflect the host kernel, the endpoint that exposes them is kept internal and authenticated as stated above
- Hexagonal architecture with adapter pattern enables replacement of psutil if security issues arise
Assessment Methodology
The following methodology was used to identify and assess known anomalies:
- Sources consulted:
  - National Vulnerability Database (NVD) search for "psutil"
  - GitHub Security Advisories for giampaolo/psutil
  - psutil security policy
  - CVE Details for psutil
  - PyPI package security reports
- Criteria for determining applicability:
  - Vulnerability must affect deployed versions (7.1.3, 7.2.1)
  - Vulnerability must be exploitable in the device's operational context (read-only monitoring)
  - Attack vector must be reachable through the device's interfaces (internal endpoint only)
  - Container isolation and version constraints must not already mitigate the vulnerability
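The first applicability criterion, together with the version-locking control under Risk Control Measures, reduces to a mechanical check: is psutil pinned exactly (and hash-verified) in the lock file, and does the pinned version fall inside a published affected range? The following is an added example of that check, not part of the device's QMS tooling. The lock-file excerpt is constructed and its hash digests are placeholders; the affected range "through 5.6.5" for CVE-2019-18874 is the one recorded in the anomaly table above. The helpers `parse_version`, `version_le`, `find_pins` and `assess` are illustrative names.

```python
"""Lock-file pin check against a published affected range (added example)."""
from __future__ import annotations

import re

# Constructed excerpt of a requirements_lock.txt; the hash digests are placeholders.
SAMPLE_LOCK = """\
# generated lock file, do not edit by hand
numpy==1.26.4 --hash=sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
psutil==7.1.3 --hash=sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
requests>=2.31  # range pin, deliberately not an exact pin in this sample
"""

# An exact pin: name, '==', version, then anything else on the line (hashes, markers).
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)\s*(.*)$")


def parse_version(version: str) -> tuple[int, ...]:
    """Numeric release segments only: '7.1.3' -> (7, 1, 3).

    Assumes lock files pin final releases; a pre-release suffix such as
    '7.2.0rc1' is truncated to its leading digits, which is sufficient for
    the 'through X' ranges NVD publishes for this package.
    """
    parts: list[int] = []
    for segment in version.split("."):
        m = re.match(r"\d+", segment)
        if m is None:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_le(a: str, b: str) -> bool:
    """a <= b, with segments zero-padded so that 7.1 compares equal to 7.1.0."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return ta <= tb


def find_pins(lock_text: str) -> dict[str, dict]:
    """Map each exactly pinned package (lower-cased) to its version and whether a --hash accompanies it."""
    pins: dict[str, dict] = {}
    for raw in lock_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            name, version, rest = m.groups()
            pins[name.lower()] = {"version": version, "hashed": "--hash=" in rest}
    return pins


def assess(lock_text: str, package: str, max_affected: str) -> dict:
    """Apply the first applicability criterion to one package.

    Reports whether the package is exactly pinned, whether the pin is hash-verified
    (an unpinned or unhashed entry cannot support a 'version-locked' claim), and
    whether the pinned version lies inside the range 'through max_affected'.
    """
    pin = find_pins(lock_text).get(package.lower())
    if pin is None:
        return {"pinned": False, "hashed": False, "version": None, "affected": None}
    return {
        "pinned": True,
        "hashed": pin["hashed"],
        "version": pin["version"],
        "affected": version_le(pin["version"], max_affected),
    }


if __name__ == "__main__":
    # CVE-2019-18874 affects psutil through 5.6.5 (see the anomaly table).
    print(assess(SAMPLE_LOCK, "psutil", "5.6.5"))
```

Running this over the real `requirements_lock.txt` of each microservice (rather than the constructed excerpt) turns the "deployed versions" criterion into something that can be re-executed at every review date; an entry that comes back `pinned: False` or `hashed: False` is itself a finding, independent of any CVE.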
Signature meaning
The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:
- Author: Team members involved
- Reviewer: JD-003 Design & Development Manager, JD-004 Quality Manager & PRRC
- Approver: JD-001 General Manager