
Python dependency vulnerability scanner

Project description

🐍 Pyscan


A dependency vulnerability scanner for your Python projects, straight from the terminal.
  • 🚀 blazingly fast scanner that can be used within large projects quickly.
  • 🤖 automatically uses requirements.txt, pyproject.toml or the source code (highly discouraged)
  • 🧑‍💻 can be integrated into existing build processes.
  • 💽 in its alpha stage: some features may not work correctly. PRs and issue reports are welcome.

🕊️ Install

> pip install pyscan-rs

Look out for the "-rs" suffix: the PyPI package is pyscan-rs, the command it installs is pyscan. Alternatively:

> cargo install pyscan

or check out the releases.

🐇 Usage

Go to your Python source directory (or wherever you keep your requirements.txt/pyproject.toml) and run:

> pyscan

or

> pyscan -d path/to/src

Docker

Pyscan can scan inside Docker images, provided you give the correct path to the source inside the image. This is still at an early stage and may break easily.

> pyscan docker -n my-docker-image -p /path/inside/container/to/source

Here "source" means requirements.txt, pyproject.toml or your Python files.


Here's the order of precedence for the "source" file:
  • requirements.txt
  • pyproject.toml
  • your Python source code (.py) [highly discouraged]

Pyscan will look up dependency versions from pip when the source file does not specify them; in that case the versions checked are whatever pip has installed in the scanning environment, not necessarily what your project deploys. Even so, pin the versions in your requirements and use proper PEP 508 syntax.
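Unpinned requirements are the case where the scan silently checks the wrong version, so it is worth failing early on them. The following is an added example, not code from pyscan-rs: a small Python check that reads a requirements.txt body, skips comments and pip options such as -r, and reports every requirement that is not pinned with an exact == or === specifier (a wildcard like ==1.26.* is not an exact pin; a PEP 508 URL requirement is reported separately). The function names and the sample file contents are constructed for this illustration.

```python
"""Flag requirements.txt entries that are not pinned to an exact version.

Added example for illustration; not part of the pyscan-rs project.
"""
import re
from typing import List, Tuple

# One PEP 508 requirement line: name, optional [extras], version specifiers,
# optional environment marker after ';'. Comments are stripped before matching.
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)"  # project name
    r"\s*(?:\[(?P<extras>[^\]]*)\])?"                           # optional extras
    r"\s*(?P<spec>[^;]*?)"                                       # version specifiers or '@ url'
    r"\s*(?:;\s*(?P<marker>.*))?$"                               # optional marker
)


def _strip_comment(line: str) -> str:
    """Drop a '#' comment: pip treats '#' at line start or after whitespace as a comment."""
    if line.lstrip().startswith("#"):
        return ""
    idx = line.find(" #")
    return line if idx < 0 else line[:idx]


def classify_requirement(line: str) -> Tuple[str, str]:
    """Return (normalized name, status) for one requirements.txt line.

    status is 'pinned', 'unpinned', 'url', or 'skip' (blank line, comment,
    or a pip option such as -r/-e/--index-url).
    """
    text = _strip_comment(line).strip()
    if not text:
        return ("", "skip")
    if text.startswith("-"):
        return (text, "skip")
    if text.startswith(("http://", "https://", "git+", "file:")):
        return (text, "url")  # bare URL/VCS requirement without a project name
    m = _REQ_RE.match(text)
    if not m:
        return (text, "unpinned")  # unparsable: surface it rather than trust it
    name = m.group("name").lower()
    spec = m.group("spec").strip()
    if spec.startswith("@"):
        return (name, "url")  # PEP 508 URL requirement: 'name @ https://...'
    for clause in (c.strip() for c in spec.split(",") if c.strip()):
        if clause.startswith("===") or (clause.startswith("==") and not clause.endswith(".*")):
            return (name, "pinned")
    return (name, "unpinned")


def unpinned_requirements(text: str) -> List[str]:
    """Names from a requirements.txt body that are not pinned to an exact version."""
    return [
        name
        for name, status in map(classify_requirement, text.splitlines())
        if status == "unpinned"
    ]


# Constructed sample requirements.txt (not from any real project).
SAMPLE_REQUIREMENTS = """\
# constructed sample
-r base.txt
requests==2.31.0
flask>=2.0          # range, not pinned
cryptography[ssh]==41.0.7 ; python_version >= "3.8"
numpy
pyyaml~=6.0
urllib3==1.26.*     # wildcard, not an exact pin
mypkg @ https://example.invalid/mypkg-1.0.tar.gz
"""

if __name__ == "__main__":
    for name in unpinned_requirements(SAMPLE_REQUIREMENTS):
        print(f"not pinned: {name}")
```

Run it against your own file with `unpinned_requirements(open("requirements.txt").read())` before invoking pyscan; a non-empty result means the scanner will be checking pip's installed version rather than one you chose.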

🦀 Note

pyscan uses OSV as its vulnerability database for now. There are plans to add a few more.

pyscan does not guarantee your code is safe from everything. Use every resource available to you, such as Dependabot, pip-audit or Trivy.

🐰 Todo

  • get it working.
  • add tests. [coming soon]
  • query individual python packages. [v0.1.1]
  • performance optimizations.
  • scan docker images [v0.1.2]
  • scan code health. [coming soon]

🐹 Sponsor

While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I'm worthy of.

Download files


Source Distribution

pyscan_rs-0.1.2.tar.gz (31.1 kB)

Uploaded Source

Built Distribution

pyscan_rs-0.1.2-py3-none-win_amd64.whl (3.4 MB)

Uploaded Python 3 Windows x86-64
