Skip to main content

Module to manage vulnerabilities

Project description

vulnerabilities - framework to manipulate vulnerabilities

PyPI Version Build Status Code coverage

The vulnerabilities module provides functions to manipulate security reports from various different tools.

Installation

vulnerabilities can be installed from PyPI using pip (note that the package name is different from the importable name):

pip install vulnerabilities

Download

vulnerabilities is available on PyPI https://pypi.org/project/vulnerabilities/

The documentation is hosted at: https://vulnerabilities.readthedocs.io/en/stable/

Code

The code and issue tracker are hosted on GitHub: https://github.com/damiencarol/vulnerabilities/

Features

  • Load reports from different tools (Anchore Grype, Bandit, CycloneDX format)

Quick example

Here’s a snapshot, just to give an idea about the power of the package. For more examples, look at the documentation.

Suppose you want to read data from Bandit in pandas. here is the code:

>>> from vulnerabilities.tools.bandit.parser import BanditParser
>>> findings = BanditParser().get_findings(open("tests/scans/bandit/report1.json"), None)
>>> import pandas as pd
>>> df = pd.DataFrame.from_dict(findings)
>>> df.loc[:,['title','severity','file_path','line']]
                                               title severity                  file_path  line
0  Using xml.sax to parse untrusted XML data is k...      Low  scripts/bandit/payload.py     1
1  Use of insecure MD2, MD4, MD5, or SHA1 hash fu...   Medium  scripts/bandit/payload.py     5
2  Use of insecure MD2, MD4, MD5, or SHA1 hash fu...   Medium  scripts/bandit/payload.py     9
3  Use of assert detected. The enclosed code will...      Low  scripts/bandit/payload.py    13

All parsers will produce the same data structure with the same attributes.

Contributing

We welcome many types of contributions - bug reports, pull requests (code, infrastructure or documentation fixes). For more information about how to contribute to the project, see the CONTRIBUTING.md file in the repository.

Author

The vulnerabilities module was written by Damien Carol <damien.carol@gmail.com> in 2021.

It is maintained by:

License

All contributions released under the BSD 3-Clause License.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for vulnerabilities, version 0.0.2
Filename, size File type Python version Upload date Hashes
Filename, size vulnerabilities-0.0.2-py2.py3-none-any.whl (7.5 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size vulnerabilities-0.0.2.tar.gz (137.0 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page