pip-audit 2.7.2

A tool for scanning Python environments for known vulnerabilities

Stars: 910, Watchers: 910, Forks: 60, Open Issues: 60

The pypa/pip-audit repo was created 2 years ago and the last code push was 23 minutes ago. The project is popular, with 910 GitHub stars.

How to Install pip-audit

You can install pip-audit using pip:

pip install pip-audit

or add it to a project with poetry:

poetry add pip-audit

Package Details

PyPI:
https://pypi.org/project/pip-audit/
GitHub Repo:
https://github.com/trailofbits/pip-audit

Classifiers

  • Security
GitHub Issues

The pip-audit package has 60 open issues on GitHub

  • Make pip-audit's spinner still more responsive
  • Option to skip dependencies with empty PyPI listing.
  • pypi_provider asks for bogus requirement pkg_resources==0.0.0
  • explicitly ignore (e.g. internal) libraries?
  • Remove Python 3.6 support when pip does
  • Make more information available in the reports
  • Feature: output in SARIF format
  • Feature: create GitHub action to simplify GitHub workflow integration
  • Add a --require-hashes flag
  • Support pyproject.toml
  • Support auditing sub-dependencies of individual projects
  • Schematize the PyPI vulnerability API
  • Support other Python packaging formats
  • Integration into pip
  • Support auditing container images
