Vulnerability scanner for Python dependencies using the OSV API
Project description
pyvulscan
Vulnerability scanner for Python dependencies using the OSV API.
Supports uv.lock, poetry.lock, pyproject.toml, and requirements.txt — no environment activation needed.
Install
pip install pyvulscan
Usage
# Auto-detect lockfile in current project
pyvulscan pyproject.toml
# Scan only direct dependencies (not transitive)
pyvulscan pyproject.toml --direct-only
# Scan a specific lockfile
pyvulscan uv.lock
pyvulscan poetry.lock
# JSON output (for CI/CD integration)
pyvulscan pyproject.toml --json
# Exit with code 1 if vulnerabilities found (CI gate)
pyvulscan pyproject.toml --exit-code
# Include dev dependencies (Poetry only)
pyvulscan pyproject.toml --group main --group dev
How it works
- Parses your lockfile to get exact resolved versions
- Sends a single batch request to the OSV API
- Fetches full details (severity, fix version) for each vulnerability found
- Reports findings with CVSS score, label, and recommended fix version
Development
# Install with dev dependencies
pip install -e ".[dev]"
# Run tests
pytest tests/
# Lint
ruff check src/
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pyvulscan-0.1.2.tar.gz
(134.1 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
pyvulscan-0.1.2-py3-none-any.whl
(12.6 kB
view details)
File details
Details for the file pyvulscan-0.1.2.tar.gz.
File metadata
- Download URL: pyvulscan-0.1.2.tar.gz
- Upload date:
- Size: 134.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.3 {"installer":{"name":"uv","version":"0.11.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ed943905a82d26871f086c9f2b9f3e642541c9a7a35d764855bcb3e1b824c334
|
|
| MD5 |
8e2885b608d59250132ee3423e3b7ae1
|
|
| BLAKE2b-256 |
96a247d1fcf620a0ac07960ec55728e582b38a9061d6fb7b79f07c6908ddf289
|
File details
Details for the file pyvulscan-0.1.2-py3-none-any.whl.
File metadata
- Download URL: pyvulscan-0.1.2-py3-none-any.whl
- Upload date:
- Size: 12.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.3 {"installer":{"name":"uv","version":"0.11.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a1691fd4eac76558e103a81dce7ded82c2682d7dc947b725a360dbe6ce6a3fd9
|
|
| MD5 |
a305958b9a60f09de6756e2efeac99ff
|
|
| BLAKE2b-256 |
0dfbd5486cc19dac200c5cb0150353b07ee0d61a00ac782dc99f932be3e84023
|
