ยป pip install safety
Pyscan: A command-line tool to detect security issues in your python dependencies.
๐ถ immunipy: Find vulnerable dependencies in your Python projects
Developer Edition Injection Vulnerability Scanning with the Python Psycopg2 Library
Common Python Vulnerabilities
Neat. I wasn't aware of all of these gotchas.
Floating point issues should always be kept in mind for all programming languages. I wish compilers would warn on using == with floats.
More on reddit.comVideos
pyscan v0.1.6 | Github
-
can be used within large projects.
-
automatically finds dependencies either from configuration files or within source code.
-
support for poetry,hatch,filt,pdm and can be integrated into existing build processes.
-
hasn't been battle-hardened yet. PRs and issue makers welcome.
Install
pip install pyscan-rs
or
cargo install pyscan
Usage
Go to your project directory and run:
pyscan
or
pyscan -d path/to/src
I posted here about 5 months ago regarding pyscan's release, its been improving ever since but its still not there yet. It is a dependency vulnerability scanner at the moment but i'd like to expand this tool so that it could make PyPI's ecosystem a little less scary and let developers download packages without worrying about supply-chain issues. Grateful for all the support so far from the Python community.
ยป pip install pip-audit
What My Project Does
I've created immunipy a Python SCA tool that acts as a watchdog, keeping an eye out for security vulnerabilities and reporting them promptly, written in Rust. immunipy will scan your requirements.txt or poetry.lock files and search for existing vulnerabilities in your dependencies, if any of your dependencies is reported as vulnerable then you will get the information, such as: package, version, fixed version (if exists), vuln id, aliases and the location.
It's easy to use and is really fast, all the vulnerabilities are reported in real time.
Target Audience
I think that immunipy is useful for every project, specially the production ready ones, due that every time that you run it you will get an instant scan of your dependencies.
Comparison
It's easy to use, just pip install immunipy and you can run it! Also, you can add it in your CI/CD pipeline and run it regularly, this is useful if you want to keep your projects free of vulnerable dependencies.