pip-audit 2.7.2
A tool for scanning Python environments for known vulnerabilities
Stars: 910, Watchers: 910, Forks: 60, Open Issues: 60
The pypa/pip-audit repo was created 2 years ago and the last code push was 23 minutes ago.
The project is popular, with 910 GitHub stars!
How to Install pip-audit
You can install pip-audit using pip:
pip install pip-audit
or add it to a project with Poetry:
poetry add pip-audit
Package Details
- Author
- License
- Homepage
- PyPI: https://pypi.org/project/pip-audit/
- GitHub Repo: https://github.com/trailofbits/pip-audit
Classifiers
- Security
GitHub Issues
The pip-audit package has 60 open issues on GitHub:
- Make pip-audit's spinner still more responsive
- Option to skip dependencies with empty PyPI listing.
- pypi_provider asks for bogus requirement pkg_resources==0.0.0
- explicitly ignore (e.g. internal) libraries?
- Remove Python 3.6 support when pip does
- Make more information available in the reports
- Feature: output in SARIF format
- Feature: create GitHub action to simplify GitHub workflow integration
- Add a --require-hashes flag
- Support pyproject.toml
- Support auditing sub-dependencies of individual projects
- Schematize the PyPI vulnerability API
- Support other Python packaging formats
- Integration into pip
- Support auditing container images