7 releases
0.1.6 | Oct 15, 2023 |
---|---|
0.1.5 | Jun 29, 2023 |
0.1.3 | May 22, 2023 |
#1124 in Command line utilities
25 downloads per month
1.5MB
1.5K
SLoC
🐍 Pyscan
A dependency vulnerability scanner for your python projects, straight from the terminal.
- can be used within large projects. (see benchmarks)
- automatically finds dependencies either from configuration files or within source code.
- support for poetry,hatch,filt,pdm and can be integrated into existing build processes.
- hasn't been battle-hardened yet. PRs and issue makers welcome.
🕊️ Install
pip install pyscan-rs
look out for the "-rs" part or
cargo install pyscan
check out the releases.
🐇 Usage
Go to your python source directory (or wherever you keep your requirements.txt
/pyproject.toml
) and run:
> pyscan
or
> pyscan -d path/to/src
Pyscan will find any dependencies added through poetry, hatch, filt, pdm, etc. Here's the order of precedence for a source/config file:
requirements.txt
pyproject.toml
- your source code (
.py
)
Pyscan will use your pip
to find unknown versions, otherwise pypi.org for the latest version. Still, Make sure you version-ize your requirements and use proper pep-508 syntax.
Building
pyscan requires a rust version of < v1.70
, and might be unstable on previous releases.
There's an overview of the codebase at architecture. Grateful for all the contributions so far.
🦀 Note
pyscan doesn't make sure your code is safe from everything. Use all resources available to you like safety Dependabot, pip-audit
, trivy and the likes.
🐰 Todo
As of October 15, 2023:
- Gather time to work on it (incredible task as a high schooler)
- Persistent state representation of a project's security.
- Graphical analysis of dependencies and their dependencies, and so on.
- Better display, search, filter of vulns
🐹 Donate
While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I can get.
Dependencies
~14–28MB
~397K SLoC