pip-audit 1.1.2


A tool for scanning Python environments for known vulnerabilities

Stars: 369, Watchers: 369, Forks: 18, Open Issues: 36

The trailofbits/pip-audit repo was created 4 months ago and was last updated 5 hours ago.
The project is popular, with 369 GitHub stars.

How to Install pip-audit

You can install pip-audit using pip

pip install pip-audit

or add it to a project with poetry

poetry add pip-audit

Package Details

William Woodruff
GitHub Repo


  • Security

GitHub Issues

The pip-audit package has 36 open issues on GitHub

  • Remove Python 3.6 support when pip does
  • Make more information available in the reports
  • Feature: output in SARIF format
  • Feature: create GitHub action to simplify GitHub workflow integration
  • ResolutionImpossible errors in requirements mode
  • Respect extra-index-url in pip.conf
  • Improved error messaging when a package fails to install
  • Failed to install packages error - possibly due to pets4py package
  • Performance is dramatically worse for -r requirements than without it.
  • Add a --require-hashes flag
  • Detailed installation reports
  • scan without resolving/downloading dependencies
  • Skipped packages don't get printed if there are no vulnerabilities found
  • Pip virtual environments unexpected system-level vulns
  • Evaluate tools for introspecting container images

See Also

pip 21.3.1

The PyPA recommended tool for installing Python packages.

mitmproxy 7.0.4

An interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets.