
A tool for scanning Python environments for known vulnerabilities

Project description

pip-audit


pip-audit is a prototype tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) as a source of vulnerability reports.

This project is developed by Trail of Bits with support from Google. This is not an official Google product.
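As an added example (not pip-audit's own code), the core check such a scanner performs: matching installed package versions against the affected-version ranges of an OSV-format advisory of the kind published in advisory-db. The advisory, its ID, the package names and the versions are constructed placeholders, and version parsing is simplified to numeric dot-separated versions.

```python
# Added example, not pip-audit's own code: match installed versions against
# an OSV-format advisory of the kind published in pypa/advisory-db.
import json
from typing import Dict, List, Tuple

# Constructed advisory (OSV format); ID, package name and ranges are placeholders.
ADVISORY_JSON = """{
  "id": "PYSEC-0000-PLACEHOLDER",
  "summary": "constructed example advisory, not a real vulnerability",
  "affected": [{
    "package": {"ecosystem": "PyPI", "name": "examplepkg"},
    "ranges": [{"type": "ECOSYSTEM",
                "events": [{"introduced": "0"}, {"fixed": "1.4.2"},
                           {"introduced": "2.0.0"}, {"fixed": "2.0.3"}]}]
  }]
}"""

def load_advisory() -> dict:
    return json.loads(ADVISORY_JSON)

def parse_version(v: str) -> Tuple[int, ...]:
    # Assumption: numeric dot-separated versions only; PEP 440 needs packaging.version.
    return tuple(int(p) for p in v.split("."))

def is_affected(version: str, events: List[Dict[str, str]]) -> bool:
    # Walk ECOSYSTEM events in order: 'introduced' opens a vulnerable interval,
    # 'fixed' closes it. Report whether the version lies inside one.
    v, affected = parse_version(version), False
    for ev in events:
        if "introduced" in ev and parse_version(ev["introduced"]) <= v:
            affected = True
        elif "fixed" in ev and parse_version(ev["fixed"]) <= v:
            affected = False
    return affected

def audit(installed: Dict[str, str], advisories: List[dict]) -> List[Tuple[str, str, str]]:
    # Return (package, version, advisory id) for each vulnerable install; `installed`
    # maps lowercase project names to versions, as a `pip freeze` listing would give.
    findings = []
    for adv in advisories:
        for aff in adv.get("affected", []):
            pkg = aff.get("package", {})
            name = pkg.get("name", "").lower()
            if pkg.get("ecosystem") != "PyPI" or name not in installed:
                continue
            if any(r.get("type") == "ECOSYSTEM" and is_affected(installed[name], r["events"])
                   for r in aff.get("ranges", [])):
                findings.append((name, installed[name], adv["id"]))
    return findings
```

A version equal to a `fixed` boundary is reported as not affected, while one equal to an `introduced` boundary is, which matches the half-open intervals OSV ranges describe.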

Development steps

# clone the repository and enter it
git clone https://github.com/trailofbits/pip-audit && cd pip-audit
# build the development virtualenv and activate it
make dev && source env/bin/activate
# confirm the CLI is available
pip-audit --help

Release process

Releases of pip-audit are managed via bump and GitHub Actions.

# default release (patch bump)
make release

# override the default
# vX.Y.Z -> vX.Y.Z-rc.0
make release BUMP_ARGS="--pre rc.0"

# vX.Y.Z -> vN.0.0
make release BUMP_ARGS="--major"

make release will fail if there are any untracked changes in the source tree.

If make release succeeds, you'll see output like this:

RUN ME MANUALLY: git push origin main && git push origin vX.Y.Z

Run that last command sequence to complete the release.

Licensing

pip-audit is licensed under the Apache 2.0 License.

pip-audit reuses and modifies examples from resolvelib, which is licensed under the ISC license.


Download files

Download the file for your platform.

Source Distribution: pip-audit-0.0.2.tar.gz (20.7 kB)

Built Distribution: pip_audit-0.0.2-py3-none-any.whl (24.9 kB, Python 3)

File details

Details for the file pip-audit-0.0.2.tar.gz.

File metadata

  • Download URL: pip-audit-0.0.2.tar.gz
  • Size: 20.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for pip-audit-0.0.2.tar.gz

  • SHA256: 75f38a5c8f2ad288463996650a9b421c861c9de9f320ca8b4ec6f5344a3473ba
  • MD5: bf104c4fccfb5d95b7475621054f847c
  • BLAKE2b-256: d1d87e50a3c3be0f82cb52147af5839e952ca77e726cb547e543c6351ecd2e18

File details

Details for the file pip_audit-0.0.2-py3-none-any.whl.

File metadata

  • Download URL: pip_audit-0.0.2-py3-none-any.whl
  • Size: 24.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for pip_audit-0.0.2-py3-none-any.whl

  • SHA256: cdd4a0117ded2c65bd8ddb868c6a37885e4abc1313e566308b5520378fb87cf6
  • MD5: c7a9add20b1418998baeceb9cda491c4
  • BLAKE2b-256: c323fc8ad9064f060f2baf48ef65f007849b32374daa6374b54778e0004eb01a
