Vulnerability scanner for Python dependencies using the OSV API
Project description
pyvulscan
Supports uv.lock, poetry.lock, pyproject.toml, and requirements.txt — no environment activation needed.
Install
```bash
pip install pyvulscan
```
Usage
```bash
# Auto-detect lockfile in current project
pyvulscan pyproject.toml

# Scan only direct dependencies (not transitive)
pyvulscan pyproject.toml --direct-only

# Scan a specific lockfile
pyvulscan uv.lock
pyvulscan poetry.lock

# JSON output (for CI/CD integration)
pyvulscan pyproject.toml --json

# Exit with code 1 if vulnerabilities found (CI gate)
pyvulscan pyproject.toml --exit-code

# Include dev dependencies (Poetry only)
pyvulscan pyproject.toml --group main --group dev
```
How it works
- Parses your lockfile to get exact resolved versions
- Sends a single batch request to the OSV API
- Fetches full details (severity, fix version) for each vulnerability found
- Reports findings with CVSS score, label, and recommended fix version
Development
```bash
# Install with dev dependencies
pip install -e ".[dev]"

# Run tests
pytest tests/

# Lint
ruff check src/
```
Download files
Source Distribution
pyvulscan-0.1.3.tar.gz (137.7 kB)
Built Distribution
pyvulscan-0.1.3-py3-none-any.whl (15.0 kB)
File details
Details for the file pyvulscan-0.1.3.tar.gz.
File metadata
- Download URL: pyvulscan-0.1.3.tar.gz
- Upload date:
- Size: 137.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.3 {"installer":{"name":"uv","version":"0.11.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | dba75831e3051bc8b8b2e70d8213a22ca57692e33d6c47a96335b1391c31461b |
| MD5 | d78f68839a38393f6714d4bba64e931b |
| BLAKE2b-256 | e0709725fb9f81e8009c9ed78ba2b2a64a7d4070307a9dd3c8996ddcb311a491 |
File details
Details for the file pyvulscan-0.1.3-py3-none-any.whl.
File metadata
- Download URL: pyvulscan-0.1.3-py3-none-any.whl
- Upload date:
- Size: 15.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.3 {"installer":{"name":"uv","version":"0.11.3","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | fe6ee63bfaa3e106e71610c3cc9bfbc42acef47fc781fd451b96a075dbd89051 |
| MD5 | ea1037400dd868fadc5925fb249ef65a |
| BLAKE2b-256 | e63bee1ac67e7bd6420d1651f4fdb2fd50bc76230532141581d8e22a4f7b1e82 |