python dependency vulnerability scanner
Project description
🐍 Pyscan
A dependency vulnerability scanner for your python projects, straight from the terminal.
- 🚀 blazingly fast scanner that can be used within large projects quickly.
- 🤖 automatically uses requirements.txt, pyproject.toml or the source code.
- 🧑‍💻 can be integrated into existing build processes.
- 💽 In its alpha stage, some features may not work correctly. PRs and issue makers welcome.
🕊️ Install
> pip install pyscan-rs
look out for the "-rs" part or
> cargo install pyscan
check out the releases.
🐇 Usage
Go to your python source directory (or wherever you keep your requirements.txt/pyproject.toml) and run:
> pyscan
or
> pyscan -d path/to/src
Docker
[WARNING: the docker subcommand currently does not work; if you are installing pyscan solely for that purpose, it will be fixed and released in the next version. Thanks for the patience, people with actual jobs (I don't know anyone else who actually uses docker)]
Pyscan can scan inside docker images, provided you give the correct path inside the container. This is still in its early stage and may break easily.
> pyscan docker -n my-docker-image -p /path/inside/container/to/source
by "source" I mean requirements.txt, pyproject.toml or your python files.
Note: Your docker engine/daemon should be running as pyscan utilizes the docker create command.
Here's the order of precedence for a "source" file:
- requirements.txt
- pyproject.toml
- your python source code (.py) [highly discouraged]
Pyscan will look up dependency versions from pip if they are not provided within the source file. Even so, make sure you pin versions in your requirements and use proper PEP 508 syntax.
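As an added example (not part of pyscan or this README), a standard-library Python check that mirrors the source-file precedence above and flags requirements without an exact pin, i.e. the ones for which pyscan would have to ask pip for a version. The PEP 508 parsing is a hand-rolled subset, `pick_source`/`unpinned` are names chosen here, and the sample requirements are constructed.

```python
import re
from pathlib import Path
# pyscan's source-file precedence (README); with neither present it falls back to .py files.
SOURCE_PRECEDENCE = ("requirements.txt", "pyproject.toml")

# Hand-rolled PEP 508 subset for this example (not the full grammar):
# name, optional [extras], optional version clause(s), optional ';' marker, '#' comment.
_REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[(?P<extras>[^\]]*)\])?"
    r"\s*(?P<spec>(?:===|[<>=!~]=?)\s*[^;#\s,]+(?:\s*,\s*(?:===|[<>=!~]=?)\s*[^;#\s,]+)*)?"
    r"\s*(?:;(?P<marker>[^#]*))?\s*(?:#.*)?$"
)
_PIN_RE = re.compile(r"^===?[^,*]+$")  # one exact clause, no wildcard ('==2.*' is a range)

def pick_source(directory):
    """Return the source file pyscan would read first, or None (fallback to .py files)."""
    for name in SOURCE_PRECEDENCE:
        candidate = Path(directory) / name
        if candidate.is_file():
            return candidate
    return None

def parse_requirement(line):
    """Split one requirement line into name/extras/spec/marker; None if not a requirement."""
    m = _REQ_RE.match(line)
    if not m:
        return None
    return {"name": m.group("name"),
            "extras": [e.strip() for e in (m.group("extras") or "").split(",") if e.strip()],
            "spec": (m.group("spec") or "").replace(" ", ""),
            "marker": (m.group("marker") or "").strip()}

def unpinned(lines):
    """Names of requirements without an exact pin, i.e. where pyscan must ask pip for a version."""
    missing = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith(("#", "-")):  # comments and pip options (-r, -e, ...)
            continue
        req = parse_requirement(line)
        if req is None or not _PIN_RE.match(req["spec"]):
            missing.append(req["name"] if req else line)
    return missing

SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt, not from the project
requests==2.31.0
cryptography>=41.0
flask[async]==2.3.2 ; python_version >= "3.8"
urllib3
"""
```

Running `unpinned(SAMPLE_REQUIREMENTS.splitlines())` reports cryptography and urllib3, the two entries pyscan could not version from the file alone.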
🦀 Note
pyscan uses OSV as its database for now. There are plans to add a few more.
pyscan doesn't make sure your code is safe from everything. Use all resources available to you like Dependabot, pip-audit or trivy.
🐰 Todo
As of June 27, 2023:
- Gather time to work on it (incredible task as a high schooler)
- Multi-threading
- Better display, search, filter of vulns
- Plethora of output options (stick to >> for now)
🐹 Sponsor
While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I can get.
File details
Details for the file pyscan_rs-0.1.4.tar.gz.
File metadata
- Download URL: pyscan_rs-0.1.4.tar.gz
- Upload date:
- Size: 38.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/0.15.1
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | cbebb233ed0efe6420147ffb931c947f8ef58541974bea1d64a05b81dd48df00 |
| MD5 | 18f0e2d777943f6e8ec2f1e3d898c2ad |
| BLAKE2b-256 | 2bef4155c2a865ac2154c6e5de4949a603431ea64a6228de8f611744eb6e816a |
File details
Details for the file pyscan_rs-0.1.4-py3-none-win_amd64.whl.
File metadata
- Download URL: pyscan_rs-0.1.4-py3-none-win_amd64.whl
- Upload date:
- Size: 3.6 MB
- Tags: Python 3, Windows x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: maturin/0.15.1
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 999bcb384158932b6f76e4e7943484533cc61397e570439f8c8ce5ccfda1faa9 |
| MD5 | 1ade11c8f01ccdb9b442b9336e6fa06a |
| BLAKE2b-256 | 5a18b0d8b0f2436fff7d79aa92034be119bb6da87649299a4b1a07472bdcca77 |