🐍 Pyscan

A dependency vulnerability scanner for your python projects, straight from the terminal.

• 🚀 blazingly fast and efficient scanner that can be used to scan large projects fairly quickly.
• 🤖 automatically uses requirements.txt, pyproject.toml or straight from the source code (though not reccomended)
• 🧑‍💻 easy to use, and can be integrated into existing build processes.
• 💽 In its very early alpha stage, so some features may not work correctly. PRs and issue makers welcome.

🕊️ Install

bash pip install pyscan

or

bash cargo install pyscan

or check out the releases.

🐇 Usage

Go to your python source directory (or wherever you keep your requirements.txt/pyproject.toml) and run:

bash pyscan or bash pyscan -d path/to/src

that should get the thing going. Here's the order of precedence for a "source" file:

• requirements.txt
• pyproject.toml
• your python source code (.py) [highly not reccomended]

Any dependencies without a specified version defaults to its latest stable version. Make sure you version-ize your requirements and use proper pep-508 syntax.

🦀 Note

pyscan uses OSV as its database for now. There are plans to add a few more.

pyscan doesn't make sure your code is safe from everything. Use all resources available to you like Dependabot and other github features.

🐰 Todo

• [x] get it working.
• [ ] add tests.
• [ ] more advisory databases.
• [ ] query individual dependencies.
• [ ] perfomance optimizations.

🐹 Sponsor

While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I'm worthy of.