A tool for scanning Python environments for known vulnerabilities
Project description
pip-audit
pip-audit is a prototype tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) as a source of vulnerability reports.
This project is developed by Trail of Bits with support from Google. This is not an official Google product.
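As an added illustration of the kind of check described above (not pip-audit's own code), the snippet below matches installed package versions against a constructed advisory record. It assumes the OSV record shape used by the PyPA advisory database, with ECOSYSTEM ranges made of introduced/fixed events, and uses a simplified version comparison; the advisory ID, package name and versions are made up.

```python
# Added illustration of the range check an audit tool performs; this is
# not pip-audit's own code. Assumes the OSV record shape used by the PyPA
# advisory database (ECOSYSTEM ranges with introduced/fixed events).

# Constructed sample advisory: the ID, package name and versions are made up.
SAMPLE_ADVISORY = {
    "id": "PYSEC-0000-EXAMPLE",
    "affected": [{
        "package": {"ecosystem": "PyPI", "name": "ExamplePkg"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "1.4.2"}]}],
    }],
}

def parse_version(text):
    """Comparison key for the release segment only, e.g. '1.4' -> (1, 4).
    Simplification: a real audit tool parses full PEP 440 versions."""
    return tuple(int(part) for part in text.split("."))

def in_range(version, events):
    """OSV ECOSYSTEM semantics: events are sorted by version and the last one at
    or below `version` decides; 'introduced' opens a span, 'fixed' closes it."""
    v = parse_version(version)
    affected = False
    for event in events:
        if "introduced" in event and v >= parse_version(event["introduced"]):
            affected = True
        elif "fixed" in event and v >= parse_version(event["fixed"]):
            affected = False  # the fixed version itself is safe
    return affected

def audit(installed, advisories):
    """Return (name, version, advisory id) for each installed package whose
    version falls inside an affected range. PyPI names are case-insensitive."""
    installed = {name.lower(): ver for name, ver in installed.items()}
    findings = []
    for adv in advisories:
        for affected in adv["affected"]:
            name = affected["package"]["name"].lower()
            if name not in installed:
                continue
            for rng in affected["ranges"]:
                if rng["type"] == "ECOSYSTEM" and in_range(installed[name], rng["events"]):
                    findings.append((name, installed[name], adv["id"]))
    return findings

if __name__ == "__main__":
    # Constructed installed set in the name -> version shape of `pip list`.
    for name, ver, adv_id in audit({"examplepkg": "1.3.0"}, [SAMPLE_ADVISORY]):
        print(f"{name} {ver} is affected by {adv_id}")
```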
Development steps
git clone https://github.com/trailofbits/pip-audit && cd pip-audit
make dev && source env/bin/activate
pip-audit --help
Release process
Releases of pip-audit are managed via bump and GitHub Actions.
# default release (patch bump)
make release
# override the default
# vX.Y.Z -> vX.Y.Z-rc.0
make release BUMP_ARGS="--pre rc.0"
# vX.Y.Z -> vN.0.0
make release BUMP_ARGS="--major"
make release will fail if there are any untracked changes in the source tree.
If make release succeeds, you'll see output like this:
RUN ME MANUALLY: git push origin main && git push origin vX.Y.Z
Run that last command sequence to complete the release.
Licensing
pip-audit is licensed under the Apache 2.0 License.
pip-audit reuses and modifies examples from resolvelib, which is licensed under the ISC license.
Download files
Source Distribution: pip-audit-0.0.2.tar.gz
Built Distribution: pip_audit-0.0.2-py3-none-any.whl
File details
Details for the file pip-audit-0.0.2.tar.gz.
File metadata
- Download URL: pip-audit-0.0.2.tar.gz
- Upload date:
- Size: 20.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | 75f38a5c8f2ad288463996650a9b421c861c9de9f320ca8b4ec6f5344a3473ba
MD5 | bf104c4fccfb5d95b7475621054f847c
BLAKE2b-256 | d1d87e50a3c3be0f82cb52147af5839e952ca77e726cb547e543c6351ecd2e18
File details
Details for the file pip_audit-0.0.2-py3-none-any.whl.
File metadata
- Download URL: pip_audit-0.0.2-py3-none-any.whl
- Upload date:
- Size: 24.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | cdd4a0117ded2c65bd8ddb868c6a37885e4abc1313e566308b5520378fb87cf6
MD5 | c7a9add20b1418998baeceb9cda491c4
BLAKE2b-256 | c323fc8ad9064f060f2baf48ef65f007849b32374daa6374b54778e0004eb01a