A tool for scanning Python environments for known vulnerabilities
Project description
pip-audit
pip-audit
is a prototype tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) as a source of vulnerability reports.
This project is developed by Trail of Bits with support from Google. This is not an official Google product.
Development steps
git clone https://github.com/trailofbits/pip-audit && cd pip-audit
make dev && source env/bin/activate
pip-audit --help
Release process
Releases of pip-audit
are managed via bump
and GitHub Actions.
# default release (patch bump)
make release
# override the default
# vX.Y.Z -> vX.Y.Z-rc.0
make release BUMP_ARGS="--pre rc.0"
# vX.Y.Z -> vN.0.0
make release BUMP_ARGS="--major"
make release
will fail if there are any untracked changes in the source tree.
If make release
succeeds, you'll see an output like this:
RUN ME MANUALLY: git push origin main && git push origin vX.Y.Z
Run that last command sequence to complete the release.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for pip_audit-0.0.1rc0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ec73440f250b631864cd2a6b571496f60724d25aded65b156d6918c9d34142d1 |
|
MD5 | e6a95ed36555ee0de6cd58729448ccff |
|
BLAKE2b-256 | afeba17f22a20981d8f4d58559082c92df77ebfbae74c74576f453010b82efc0 |