A tool for scanning Python environments for known vulnerabilities

These details have been verified by PyPI

Owner

Python Packaging Authority

Maintainers

di trailofbits woodruffw

These details have not been verified by PyPI

Project links

Homepage

Development Status
- 2 - Pre-Alpha
Intended Audience
- Developers
License
- OSI Approved :: Apache Software License
Programming Language
- Python :: 3
Topic
- Security

Project description

pip-audit

pip-audit is a prototype tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) as a source of vulnerability reports.

This project is developed by Trail of Bits with support from Google. This is not an official Google product.

Development steps

git clone https://github.com/trailofbits/pip-audit && cd pip-audit
make dev && source env/bin/activate
pip-audit --help

Release process

Releases of pip-audit are managed via bump and GitHub Actions.

# default release (patch bump)
make release

# override the default
# vX.Y.Z -> vX.Y.Z-rc.0
make release BUMP_ARGS="--pre rc.0"

# vX.Y.Z -> vN.0.0
make release BUMP_ARGS="--major"

make release will fail if there are any untracked changes in the source tree.

If make release succeeds, you'll see an output like this:

RUN ME MANUALLY: git push origin main && git push origin vX.Y.Z

Run that last command sequence to complete the release.

Licensing

pip-audit is licensed under the Apache 2.0 License.

pip-audit reuses and modifies examples from resolvelib, which is licensed under the ISC license.

Project details

These details have been verified by PyPI

Owner

Python Packaging Authority

Maintainers

di trailofbits woodruffw

These details have not been verified by PyPI

Project links

Homepage

Development Status
- 2 - Pre-Alpha
Intended Audience
- Developers
License
- OSI Approved :: Apache Software License
Programming Language
- Python :: 3
Topic
- Security

Release history Release notifications | RSS feed

2.7.3

Apr 30, 2024

2.7.2

Feb 29, 2024

2.7.1

Feb 12, 2024

2.7.0

Jan 11, 2024

2.6.3

Jan 8, 2024

2.6.2

Dec 19, 2023

2.6.1

Jul 24, 2023

2.6.0

Jul 2, 2023

2.5.6

May 23, 2023

2.5.5

May 4, 2023

2.5.4

Mar 29, 2023

2.5.3

Mar 23, 2023

2.5.2

Mar 20, 2023

2.5.1

Mar 17, 2023

2.5.0

Mar 16, 2023

2.4.15 yanked

Jan 31, 2023

Reason this release was yanked:

Severe behavioral regressions

2.4.14

Jan 20, 2023

2.4.13

Jan 10, 2023

2.4.12

Dec 29, 2022

2.4.11

Dec 28, 2022

2.4.10

Dec 15, 2022

2.4.9

Dec 14, 2022

2.4.8

Dec 8, 2022

2.4.7

Nov 28, 2022

2.4.6

Nov 21, 2022

2.4.5

Oct 31, 2022

2.4.4

Sep 1, 2022

2.4.3

Jul 25, 2022

2.4.2

Jul 21, 2022

2.4.1

Jul 7, 2022

2.4.0

Jun 30, 2022

2.3.4

Jun 24, 2022

2.3.3

Jun 15, 2022

2.3.2

Jun 14, 2022

2.3.1

May 24, 2022

2.3.0

May 18, 2022

2.2.1

May 2, 2022

2.2.0

May 2, 2022

2.1.1

Mar 29, 2022

2.1.0

Mar 11, 2022

2.0.0

Feb 18, 2022

1.1.2

Jan 13, 2022

1.1.1

Dec 7, 2021

1.1.0

Dec 6, 2021

1.0.1

Dec 2, 2021

1.0.0

Dec 1, 2021

0.0.9

Dec 1, 2021

0.0.8

Nov 29, 2021

0.0.7

Nov 22, 2021

0.0.6

Nov 10, 2021

0.0.5

Nov 9, 2021

0.0.4

Nov 9, 2021

0.0.3

Nov 3, 2021

This version

0.0.2

Oct 29, 2021

0.0.1

Oct 28, 2021

0.0.1rc2 pre-release

Oct 12, 2021

0.0.1rc1 pre-release

Sep 21, 2021

0.0.1rc0 pre-release

Sep 16, 2021

0.0.1b0 pre-release

Oct 28, 2021

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pip-audit-0.0.2.tar.gz (20.7 kB view details)

Uploaded Oct 29, 2021 Source

Built Distribution

pip_audit-0.0.2-py3-none-any.whl (24.9 kB view details)

Uploaded Oct 29, 2021 Python 3

File details

Details for the file pip-audit-0.0.2.tar.gz.

File metadata

Download URL: pip-audit-0.0.2.tar.gz
Upload date: Oct 29, 2021
Size: 20.7 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for pip-audit-0.0.2.tar.gz
Algorithm	Hash digest
SHA256	`75f38a5c8f2ad288463996650a9b421c861c9de9f320ca8b4ec6f5344a3473ba`
MD5	`bf104c4fccfb5d95b7475621054f847c`
BLAKE2b-256	`d1d87e50a3c3be0f82cb52147af5839e952ca77e726cb547e543c6351ecd2e18`

See more details on using hashes here.

Provenance

File details

Details for the file pip_audit-0.0.2-py3-none-any.whl.

File metadata

Download URL: pip_audit-0.0.2-py3-none-any.whl
Upload date: Oct 29, 2021
Size: 24.9 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for pip_audit-0.0.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`cdd4a0117ded2c65bd8ddb868c6a37885e4abc1313e566308b5520378fb87cf6`
MD5	`c7a9add20b1418998baeceb9cda491c4`
BLAKE2b-256	`c323fc8ad9064f060f2baf48ef65f007849b32374daa6374b54778e0004eb01a`