
python dependency vulnerability scanner

Project description

🐍 Pyscan


A dependency vulnerability scanner for your Python projects, straight from the terminal.
  • Can be used within large projects (see benchmarks).
  • Automatically finds dependencies either from configuration files or within source code.
  • Supports poetry, hatch, flit and pdm, and can be integrated into existing build processes.
  • Hasn't been battle-hardened yet. PRs and issue reports welcome.

🕊️ Install

pip install pyscan-rs

Note the "-rs" suffix. Alternatively:

cargo install pyscan

Or check out the releases.

🐇 Usage

Go to your Python source directory (or wherever you keep your requirements.txt/pyproject.toml) and run:

> pyscan

or

> pyscan -d path/to/src

Pyscan will find any dependencies added through poetry, hatch, flit, pdm, etc. Here's the order of precedence among source/config files:
  • requirements.txt
  • pyproject.toml
  • your source code (.py)

Pyscan uses your local pip to resolve unknown versions and otherwise falls back to pypi.org for the latest version. Still, make sure you pin versions in your requirements and use proper PEP 508 syntax.

Building

pyscan requires a Rust version of < v1.70 and might be unstable on previous releases. There's an overview of the codebase at architecture. Grateful for all the contributions so far.

🦀 Note

pyscan doesn't guarantee your code is safe from everything. Use all the resources available to you, such as Safety, Dependabot, pip-audit, Trivy and the like.

🐰 Todo

As of October 15, 2023:

  • Gather time to work on it (an incredible task as a high schooler).
  • Persistent state representation of a project's security.
  • Graphical analysis of dependencies and their dependencies, and so on.
  • Better display, search and filtering of vulns.

🐹 Donate

While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I can get.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution
  • pyscan_rs-0.1.6.tar.gz (1.2 MB), Source

Built Distributions
  • pyscan_rs-0.1.6-py3-none-win_amd64.whl (2.5 MB), Python 3, Windows x86-64
  • pyscan_rs-0.1.6-py3-none-win32.whl (2.3 MB), Python 3, Windows x86
  • pyscan_rs-0.1.6-py3-none-macosx_11_0_arm64.whl (2.8 MB), Python 3, macOS 11.0+ ARM64
  • pyscan_rs-0.1.6-py3-none-macosx_10_7_x86_64.whl (3.0 MB), Python 3, macOS 10.7+ x86-64
