Python dependency vulnerability scanner
🐍 Pyscan
A dependency vulnerability scanner for your Python projects, straight from the terminal.
- 🚀 blazingly fast scanner that can be used within large projects quickly.
- 🤖 automatically uses requirements.txt, pyproject.toml or the source code (highly discouraged).
- 🧑💻 can be integrated into existing build processes.
- 💽 In its alpha stage, some features may not work correctly. PRs and issue makers welcome.
🕊️ Install
> pip install pyscan-rs
Look out for the "-rs" part. Or:
> cargo install pyscan
Alternatively, check out the releases.
🐇 Usage
Go to your Python source directory (or wherever you keep your requirements.txt / pyproject.toml) and run:
> pyscan
or
> pyscan -d path/to/src
Docker
Pyscan can scan inside Docker images, provided you give it the correct path inside the image. This is still in its early stage and may break easily.
> pyscan docker -n my-docker-image -p /path/inside/container/to/source
By "source" I mean requirements.txt, pyproject.toml or your Python files.
Note: Your Docker engine/daemon should be running, as pyscan utilizes the docker create command.
Here's the order of precedence for a "source" file:
- requirements.txt
- pyproject.toml
- your Python source code (.py) [highly discouraged]
Pyscan will find dependency versions from pip if they are not provided within the source file. Even so, make sure you pin versions in your requirements and use proper PEP 508 syntax.
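Why pinned versions matter for a scan, as an added example (not pyscan's own code): OSV's query API looks up a package at one exact version, so only `==` pins can be checked without guessing what is installed. The parser covers a simplified subset of PEP 508, and the function names and sample requirements are constructed for illustration.

```python
import json
import re

# Simplified PEP 508 subset: name, optional [extras], optional specifiers,
# optional "; marker". Direct URL requirements and pip options are skipped.
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;]*)")

def split_requirements(text):
    """Return (pinned, unpinned); pinned maps name -> exact version."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line or line.startswith("-") or "@" in line:
            continue                                # pip options / direct URLs
        m = REQ.match(line)
        if not m:
            continue
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 normalization
        spec = m.group(2).replace(" ", "")
        exact = re.fullmatch(r"===?([^,*]+)", spec)  # one == pin, no wildcard
        if exact:
            pinned[name] = exact.group(1)
        else:
            unpinned.append(name)
    return pinned, unpinned

def osv_querybatch_body(pinned):
    """JSON body for POST https://api.osv.dev/v1/querybatch (not sent here)."""
    return {"queries": [
        {"package": {"name": n, "ecosystem": "PyPI"}, "version": v}
        for n, v in sorted(pinned.items())
    ]}

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed example
Django==3.2.1
requests[socks]>=2.0,<3   # range, not a pin
PyYAML
flask == 2.0.*
urllib3==1.26.5 ; python_version >= "3.6"
-r other.txt
"""

if __name__ == "__main__":
    pinned, unpinned = split_requirements(SAMPLE)
    print("unpinned (version would have to be guessed):", unpinned)
    print(json.dumps(osv_querybatch_body(pinned), indent=2))
```

Failing a build when the unpinned list is non-empty keeps the scanned versions and the deployed versions from drifting apart.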
🦀 Note
pyscan uses OSV as its database for now. There are plans to add a few more.
pyscan doesn't make sure your code is safe from everything. Use all the resources available to you, like Dependabot, pip-audit or trivy.
🐰 Todo
- get it working.
- add tests. [coming soon]
- query individual python packages. [v0.1.1]
- performance optimizations.
- scan docker images [v0.1.2]
- scan code health. [coming soon]
🐹 Sponsor
While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I'm worthy of.
Hashes for pyscan_rs-0.1.3-py3-none-win_amd64.whl
Algorithm | Hash digest
---|---
SHA256 | 86493deee35f853431d2f1c65d60dde8270f15bd1b8816b4c74042bc53e492cb
MD5 | a675122d84efa4349fa281ee7fb70731
BLAKE2b-256 | 1aaf55c9952a5c7489e64169ea6f0ad93dc6b94fa3a27795040f0a8005fa6218