nripankadas07/dep-audit

dep-audit

Lightweight Python dependency vulnerability scanner. Reads a requirements.txt and queries the OSV.dev database for known vulnerabilities, returning structured Finding records or formatted CLI output.

Install

pip install dep-audit

Requires Python 3.10+. Uses requests for OSV transport (pluggable via the fetcher argument for testing).

CLI usage

dep-audit requirements.txt

Exits non-zero if any findings are present.

Library usage

from dep_audit import scan_requirements

findings = scan_requirements([
    "requests==2.20.0",
    "django==2.2.0",
])
for f in findings:
    print(f.package, f.version, f.vuln_id, f.summary)

API

scan_requirements(requirements, *, fetcher=None) -> list[Finding]

Scan an iterable of requirement lines. Only name==version pinned forms are scanned. The optional fetcher lets you stub out the OSV API for tests.

Finding

Frozen dataclass: package, version, vuln_id, summary, severity.

DepAuditError

Raised on transport or input errors.
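The README gives the shape of the API but not the fetcher's call signature or how a Finding is built from an OSV response. The block below is an added, self-contained re-implementation of the described flow (it is not dep-audit's own code) so the pluggable fetcher can be exercised offline: it assumes the fetcher is a callable that takes an OSV /v1/query payload dict and returns the parsed JSON response dict, parses only name==version pins as the README states, maps each returned vuln to a Finding, and reproduces the CLI's non-zero exit on findings. The OSV endpoint and payload shape are the real ones; the stubbed advisory, its id and severity are constructed placeholders.

```python
# Added example, not the dep-audit project's own code. Assumed fetcher contract:
# fetcher(payload: dict) -> dict, where payload is an OSV /v1/query body and the
# return value is the parsed JSON response ({"vulns": [...]}).
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Callable, Iterable

OSV_QUERY_URL = "https://api.osv.dev/v1/query"  # real OSV endpoint, used only by live_fetcher
# name==version pins only; anything else (ranges, URLs, editable installs) is skipped
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


class DepAuditError(Exception):
    """Transport or input error (same role as the README's DepAuditError)."""


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    vuln_id: str
    summary: str
    severity: str


def parse_pins(requirements: Iterable[str]) -> list[tuple[str, str]]:
    """Return (name, version) for exact pins; drop comments, blanks and non-pinned lines."""
    pins: list[tuple[str, str]] = []
    for raw in requirements:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            pins.append((m.group(1).lower(), m.group(2)))
    return pins


def osv_payload(name: str, version: str) -> dict:
    """Body of a POST to OSV's /v1/query for a PyPI package at an exact version."""
    return {"package": {"name": name, "ecosystem": "PyPI"}, "version": version}


def live_fetcher(payload: dict) -> dict:
    """Default transport over requests; network failures surface as DepAuditError."""
    import requests  # imported lazily so the offline path needs no extra package

    try:
        resp = requests.post(OSV_QUERY_URL, json=payload, timeout=10)
        resp.raise_for_status()
        return resp.json()
    except requests.RequestException as exc:
        raise DepAuditError(f"OSV query failed for {payload['package']['name']}: {exc}") from exc


def _severity(vuln: dict) -> str:
    """Pull a severity label out of an OSV record, falling back to UNKNOWN."""
    db = vuln.get("database_specific") or {}
    if isinstance(db.get("severity"), str):
        return db["severity"].upper()
    sev = vuln.get("severity") or []
    if sev and isinstance(sev[0], dict) and sev[0].get("score"):
        return str(sev[0]["score"])
    return "UNKNOWN"


def scan_requirements(
    requirements: Iterable[str], *, fetcher: Callable[[dict], dict] | None = None
) -> list[Finding]:
    """One OSV query per pinned requirement; each returned vuln becomes a Finding."""
    fetch = fetcher or live_fetcher
    findings: list[Finding] = []
    for name, version in parse_pins(requirements):
        data = fetch(osv_payload(name, version))
        for vuln in data.get("vulns", []):
            findings.append(Finding(name, version, vuln["id"], vuln.get("summary", ""), _severity(vuln)))
    return findings


# Constructed OSV-style response for the stub fetcher; the id, summary and severity are placeholders.
FAKE_OSV = {
    "requests": {
        "vulns": [
            {"id": "EXAMPLE-0001", "summary": "constructed sample advisory",
             "database_specific": {"severity": "HIGH"}}
        ]
    },
}


def stub_fetcher(payload: dict) -> dict:
    """Test double: answers from FAKE_OSV instead of the network."""
    return FAKE_OSV.get(payload["package"]["name"], {"vulns": []})


def exit_code(findings: list[Finding]) -> int:
    """CLI contract from the README: non-zero when any finding is present."""
    return 1 if findings else 0


if __name__ == "__main__":
    found = scan_requirements(
        ["requests==2.20.0", "django>=2.2  # range, skipped", "# comment only"],
        fetcher=stub_fetcher,
    )
    for f in found:
        print(f.package, f.version, f.vuln_id, f.severity, f.summary)
    raise SystemExit(exit_code(found))
```

Running the block as a script uses the stub and exits 1 because the constructed advisory matches; swap `fetcher=live_fetcher` (or omit the argument) to query OSV.dev for real. Keeping transport behind a single callable is what makes the scanner testable without network access, which is the point of the README's `fetcher` parameter.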

License

MIT

About

Python dependency vulnerability scanner using OSV.dev