`requirements.txt`, `pyproject.toml` or, the source code.

```bash
pip install pyscan-rs
```

look out for the "-rs" part or

```bash
cargo install pyscan
```

check out the releases.
Go to your python source directory (or wherever you keep your `requirements.txt`/`pyproject.toml`) and run:
```bash
pyscan
```

or

```bash
pyscan -d path/to/src
```
[WARNING: the docker subcommand currently does not work, in case you are installing pyscan solely for that purpose. It will be fixed and released in the next version. Thanks for the patience, people with actual jobs (I don't know anyone else who actually uses docker)]

Pyscan can scan inside docker images, provided you give it the correct path inside the image. This is still in its early stage and may break easily.
```bash
pyscan docker -n my-docker-image -p /path/inside/container/to/source
```
by "source" I mean `requirements.txt`, `pyproject.toml` or your python files.

Note: Your docker engine/daemon should be running, as pyscan utilizes the `docker create` command.
Here's the order of precedence for a "source" file:

1. `requirements.txt`
2. `pyproject.toml`
3. `.py` [highly discouraged]

Pyscan will find dependency versions from `pip` if they are not provided within the source file. Even so, make sure you version-ize your requirements and use proper PEP 508 syntax.
pyscan uses OSV as its database for now. There are plans to add a few more.
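
Why pinned versions matter for an OSV lookup, shown as an added example (not pyscan's own code): it parses a constructed `requirements.txt` using a simplified PEP 508 subset, falls back to the locally installed version for unpinned names, and builds the request body for OSV's `/v1/querybatch` endpoint. The function names and sample file are assumptions, `importlib.metadata` stands in for pyscan's `pip` fallback, and no network call is made.

```python
import json
import re
from importlib import metadata

# Constructed sample input: pinned, ranged, bare, and pinned with extras + marker.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt
requests==2.19.1
jinja2>=2.10
flask
uvicorn[standard]==0.20.0 ; python_version >= "3.8"
"""

# Simplified PEP 508 subset: name, optional [extras], then the version specifier.
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

def parse_requirements(text):
    """Return (name, exact_version_or_None) for each requirement line."""
    deps = []
    for line in text.splitlines():
        m = _REQ.match(line)
        if not m:  # blank line, comment, or pip option such as -r / -e
            continue
        name, spec = m.group(1), m.group(2).strip()
        # Only an exact "==X.Y.Z" pin names one version; ranges and "==1.*" do not.
        pin = re.fullmatch(r"==\s*([A-Za-z0-9.!+_-]+)", spec)
        deps.append((name, pin.group(1) if pin else None))
    return deps

def installed_version(name):
    """Fallback for unpinned names: the version installed in this environment."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None

def osv_querybatch(deps, resolve=installed_version):
    """Build an OSV /v1/querybatch body; also return names with no known version."""
    queries, unresolved = [], []
    for name, version in deps:
        version = version or resolve(name)
        if version:
            queries.append({"package": {"name": name, "ecosystem": "PyPI"}, "version": version})
        else:
            unresolved.append(name)  # cannot be checked against a specific release
    return {"queries": queries}, unresolved

if __name__ == "__main__":
    body, unresolved = osv_querybatch(parse_requirements(SAMPLE_REQUIREMENTS))
    print(json.dumps(body, indent=2), "\nno version to check:", unresolved)
```

Names that end up in `unresolved` are the ones a scan cannot match to a specific release, which is the practical reason to pin versions in the source file.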
pyscan doesn't make sure your code is safe from everything. Use all resources available to you like Dependabot, `pip-audit` or trivy.
As of June 27, 2023:
While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I can get.