Default template for PDM package
Project description
pdm-audit
A PDM plugin that scans your Python project dependencies for known vulnerabilities. It leverages pip-audit to provide security auditing capabilities within your PDM workflow.
Features
- Multiple vulnerability data sources support
- PyPI vulnerability database via the PyPI JSON API
- OSV database support
- Multiple output formats:
- Columnar (default)
- JSON
- Markdown
- Caching support with configurable time-to-live (TTL)
- Seamless integration with PDM's dependency management
Installation
pdm self add pdm-audit-plugin
Usage
Run pdm audit in your project directory:
pdm audit --help
Command Options
Options:
-s, --service The audit source. Default is PyPI, can be pypi, osv.
-f, --format The format to emit audit results in (choices: columns, json, markdown)
--desc Include vulnerability descriptions (auto, on, off)
--enable-cache Enable the vulnerability query result cache
--cache-ttl The cache time-to-live in seconds (default: 1800)
Examples
Basic audit of project dependencies:
pdm audit
Using OSV as the vulnerability database:
pdm audit -s osv
Output in JSON format:
pdm audit -f json
Output in Markdown format:
pdm audit -f markdown
Disable caching:
pdm audit --enable-cache false
Customize cache TTL to 1 hour:
pdm audit --cache-ttl 3600
Security Model
This plugin inherits its security model from pip-audit. Please note:
- It identifies known vulnerabilities in your dependencies based on data from vulnerability databases
- It cannot detect undisclosed vulnerabilities or perform static code analysis
- The audit is only as accurate as the vulnerability data available in the chosen service (PyPI or OSV)
Cache Management
The plugin maintains a cache of vulnerability data to improve performance:
- Default cache location:
.audit_cachein your project directory - Default TTL: 1800 seconds (30 minutes)
- Cache can be disabled or customized via command options
Troubleshooting
Slow Audit Performance
- First-time audits may be slower due to cache population
- Subsequent audits will be faster if caching is enabled
- Consider adjusting cache TTL if needed
Connection Issues
If you encounter connection errors:
- Verify your internet connection
- Check if you're behind a corporate proxy
- Try switching between PyPI and OSV services
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
This project is licensed under the MIT License.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pdm_audit_plugin-0.1.1.tar.gz.
File metadata
- Download URL: pdm_audit_plugin-0.1.1.tar.gz
- Upload date:
- Size: 4.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: pdm/2.21.0 CPython/3.13.0 Linux/6.12.1-manjusakav4-xanmod2-2-manjusaka
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a3cfa4ce7dc281061aa6b127cc0d502f65e2db46bbe859b405e453b701d78a9b
|
|
| MD5 |
64fac2015cfd5ff5f454f3a3c73cabb3
|
|
| BLAKE2b-256 |
4c2a6587100de8bcfba9586bd3586b9a12dfd4b21c9b0b5bf8b89d3a401a55f4
|
File details
Details for the file pdm_audit_plugin-0.1.1-py3-none-any.whl.
File metadata
- Download URL: pdm_audit_plugin-0.1.1-py3-none-any.whl
- Upload date:
- Size: 4.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: pdm/2.21.0 CPython/3.13.0 Linux/6.12.1-manjusakav4-xanmod2-2-manjusaka
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b15195fc4b5e755bb74f5275065ba1a12441b48e6526da0746d9af594a881f07
|
|
| MD5 |
36f4d392c01262c5eb16f5bd18a4a236
|
|
| BLAKE2b-256 |
65f080134328ab66e33be4527efe195df5a71e2b59ee627b0db6a2740ec1bca1
|
