A Python library that parses dependency lockfiles, queries vulnerability databases (OSV.dev), and enriches results with EPSS scores.
Project description
cve-triage
cve-triage is a Python library that parses common dependency lockfiles, queries vulnerability databases (OSV.dev), and enriches the results with EPSS (Exploit Prediction Scoring System) scores. It returns structured, typed data optimized for programmatic consumption, CI/CD pipelines, and AI agent workflows.
Problem Statement
Identifying and prioritizing vulnerable dependencies is a fragmented process. Existing tools are often CLI-focused, produce unstructured output, or lack exploitability context (EPSS). AI agents and automated security pipelines need a reliable, programmatic way to parse lockfiles, fetch vulnerabilities, and prioritize them using exploitability scores without dealing with raw API responses or scraping.
Features
- Lockfile Parsing: Supports
requirements.txt,poetry.lock,package-lock.json, andgo.sum. - Vulnerability Querying: Fetches known vulnerabilities via the OSV.dev API.
- EPSS Enrichment: Attaches EPSS scores and percentiles from FIRST.org to prioritize vulnerabilities.
- Structured Output: Returns fully typed Pydantic models, making it trivial to serialize to JSON for AI agents or APIs.
- Asynchronous API: Provides
asyncmethods for high-performance batch querying. - Configurable Thresholds: Filter results by EPSS score or CVSS severity.
Installation
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cve_triage-0.1.0.tar.gz.
File metadata
- Download URL: cve_triage-0.1.0.tar.gz
- Upload date:
- Size: 6.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.13.14 Darwin/24.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8f9ffe681f561c8e767a1984894cb2ed4dc79adc3c2e456108d05ada2674005c
|
|
| MD5 |
d9d41adeec8f935b0b3c32df1dd405d9
|
|
| BLAKE2b-256 |
af6fd8886795ad07d8158b0765c31ce76e1d0f30b1fb0945e05906bc6b28a0ad
|
File details
Details for the file cve_triage-0.1.0-py3-none-any.whl.
File metadata
- Download URL: cve_triage-0.1.0-py3-none-any.whl
- Upload date:
- Size: 9.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.2.1 CPython/3.13.14 Darwin/24.6.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e93c7df182e8cd8b8ed51c94fe9ab9ab42dbf7bee61bfd3715495efcdf38b76d
|
|
| MD5 |
347b1ab4898c3893be2e4080ce303ce5
|
|
| BLAKE2b-256 |
0a4b05fb0946070d490ac3a657e56110ebfe9cb2d1e92881a2f69200d31fccdb
|