Skip to main content

Security vulnerability scanner for Python dependencies

Project description

osvcheck

Python Tests PyPI version Python versions Downloads Security Maintenance

Lightweight vulnerability scanner for Python dependencies using the OSV database.

osvcheck scans your Python project's dependencies for known security vulnerabilities by querying the OSV (Open Source Vulnerabilities) database. It's designed for source-level checking during development and CI/CD pipelines.

Key features:

  • Zero runtime dependencies (stdlib only)
  • Auto-detects package manager (uv.lock, uv, or pip)
  • Smart caching (12-48 hour TTL) minimizes API calls
  • Distinguishes direct vs indirect vulnerabilities
  • Optional rich integration for enhanced output (auto-detected if installed)

Installation

Install via pip or uv, or add to your project's dev dependencies.

Usage

# Scan current project
osvcheck

# Logging options
osvcheck -v              # Verbose (debug) output
osvcheck -q              # Quiet (warnings/errors only)
osvcheck --log-json      # JSON format logs
osvcheck --log-file FILE # Write logs to file

# Color control
osvcheck --color         # Force color output
osvcheck --no-color      # Disable color output

Exit codes:

  • 0 - No vulnerabilities found
  • 1 - Indirect dependency vulnerabilities only
  • 2 - Direct dependency vulnerabilities found

As a Pre-commit hook:

Add to .pre-commit-config.yaml:

- repo: https://github.com/deeprave/osvcheck
  rev: v1.0.0b1
  hooks:
    - id: osvcheck

CI/CD integration:

# Fail only on direct vulnerabilities
osvcheck || [ $? -eq 1 ]

# Fail on any vulnerabilities
osvcheck

Features

  • Scans Python dependencies for known security vulnerabilities
  • Uses the OSV (Open Source Vulnerabilities) database
  • Multi-environment support with auto-detection:
    • Uses uv.lock if present and up-to-date (fastest)
    • Falls back to uv pip list if uv is available
    • Falls back to pip list if pip is available
  • Smart caching with 12-48 hour randomized TTL
  • Distinguishes between direct and indirect dependency vulnerabilities
  • Zero runtime dependencies (Python stdlib only)
  • Optional rich integration for enhanced output (auto-detected if already installed)

License

MIT License - See LICENSE file for details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

osvcheck-1.0.1.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

osvcheck-1.0.1-py3-none-any.whl (12.1 kB view details)

Uploaded Python 3

File details

Details for the file osvcheck-1.0.1.tar.gz.

File metadata

  • Download URL: osvcheck-1.0.1.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for osvcheck-1.0.1.tar.gz
Algorithm Hash digest
SHA256 270f5c9e4057e4c5a9aa862fd56f15b94bceb4fd5029bba80b2b9605d9eb25fc
MD5 a3be372e3bb8cc0bb06cf8f6012a9e06
BLAKE2b-256 f2d17dc15e2911154ada8882c806ea0efd48ae456fd5a5f7fc2a8695e6015d8d

See more details on using hashes here.

Provenance

The following attestation bundles were made for osvcheck-1.0.1.tar.gz:

Publisher: release.yml on deeprave/osvcheck

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file osvcheck-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: osvcheck-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 12.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for osvcheck-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 869063c9165fe1a2c19cf2f2b6dbb8b31f63783513da5ddb27a24061f13f8284
MD5 5e1d5c81e377667f4bc52765b1c1f63c
BLAKE2b-256 543cea055d9c4b55ffafc061a9c1f027778eb824cf4053f7e753057f34d2c45d

See more details on using hashes here.

Provenance

The following attestation bundles were made for osvcheck-1.0.1-py3-none-any.whl:

Publisher: release.yml on deeprave/osvcheck

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page