A tool for scanning Python environments for known vulnerabilities

Navigation

Verified details

These details have been verified by PyPI
Owner
organization icon Python Packaging Authority
Maintainers
Avatar for di from gravatar.com di Avatar for trailofbits from gravatar.com trailofbits Avatar for woodruffw from gravatar.com woodruffw

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: William Woodruff
  • Requires: Python >=3.6
Classifiers

Project description

pip-audit

CI PyPI version

pip-audit is a prototype tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) as a source of vulnerability reports.

This project is developed by Trail of Bits with support from Google. This is not an official Google product.

Development steps

git clone https://github.com/trailofbits/pip-audit && cd pip-audit
make dev && source env/bin/activate
pip-audit --help

Release process

Releases of pip-audit are managed via bump and GitHub Actions.

# default release (patch bump)
make release

# override the default
# vX.Y.Z -> vX.Y.Z-rc.0
make release BUMP_ARGS="--pre rc.0"

# vX.Y.Z -> vN.0.0
make release BUMP_ARGS="--major"

make release will fail if there are any untracked changes in the source tree.

If make release succeeds, you'll see an output like this:

RUN ME MANUALLY: git push origin main && git push origin vX.Y.Z

Run that last command sequence to complete the release.

Licensing

pip-audit is licensed under the Apache 2.0 License.

pip-audit reuses and modifies examples from resolvelib, which is licensed under the ISC license.

Project details

Verified details

These details have been verified by PyPI
Owner
organization icon Python Packaging Authority
Maintainers
Avatar for di from gravatar.com di Avatar for trailofbits from gravatar.com trailofbits Avatar for woodruffw from gravatar.com woodruffw

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: William Woodruff
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

2.7.3

2.7.2

2.7.1

2.7.0

2.6.3

2.6.2

2.6.1

2.6.0

2.5.6

2.5.5

2.5.4

2.5.3

2.5.2

2.5.1

2.5.0

2.4.15 yanked

Reason this release was yanked:

Severe behavioral regressions

2.4.14

2.4.13

2.4.12

2.4.11

2.4.10

2.4.9

2.4.8

2.4.7

2.4.6

2.4.5

2.4.4

2.4.3

2.4.2

2.4.1

2.4.0

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.2.1

2.2.0

2.1.1

2.1.0

2.0.0

1.1.2

1.1.1

1.1.0

1.0.1

1.0.0

0.0.9

0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

This version

0.0.2

0.0.1

0.0.1rc2 pre-release

0.0.1rc1 pre-release

0.0.1rc0 pre-release

0.0.1b0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pip-audit-0.0.2.tar.gz (20.7 kB view hashes)

Uploaded Source

Built Distribution

pip_audit-0.0.2-py3-none-any.whl (24.9 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page