aswinnnn/pyscan

🐍 Pyscan

A dependency vulnerability scanner for your python projects, straight from the terminal.
  • 🚀 blazingly fast scanner that can be used within large projects (see benchmarks).
  • 🤖 automatically finds requirements.txt or pyproject.toml, or falls back to the source code.
  • 🧑‍💻 can be integrated into existing build processes.
  • 💽 still in its early stage, so it hasn't been battle-hardened yet. PRs and issue reports are welcome.

🕊️ Install

pip install pyscan-rs

look out for the "-rs" part: the PyPI package is named pyscan-rs, not pyscan. Or, with a Rust toolchain:

cargo install pyscan

check out the releases.

πŸ‡ Usage

Go to your python source directory (or wherever you keep your requirements.txt/pyproject.toml) and run:

> pyscan

or

> pyscan -d path/to/src

Here's the order of precedence for a source/config file:

  • requirements.txt
  • pyproject.toml
  • your source code (.py)

For requirements without a version, pyscan asks pip for the installed version and falls back to pypi.org. Still, pin your requirements to exact versions and use proper PEP 508 syntax: a vulnerability lookup is only as precise as the version it is run against.
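A pre-check for the pinning advice above, written as an added example for this page rather than code from pyscan: it parses a constructed requirements.txt with a simplified PEP 508 grammar (name, optional extras, version specifiers, optional environment marker; pip option lines such as -r are skipped and URL requirements are rejected) and reports every entry that does not fix exactly one version. The sample file contents and package names are constructed for the example.

```python
import re

# Constructed sample requirements.txt (not from the pyscan repository).
SAMPLE_REQUIREMENTS = """\
# pinned to one version, which is what the README asks for
requests==2.31.0
# a range is not a pin: a scanner still has to pick one version to look up
urllib3>=1.26,<2
# no version at all: pyscan falls back to pip, then pypi.org
pyyaml
# wildcard: still not a single version
click==8.*
# extras and an environment marker are allowed by PEP 508
cryptography[ssh]==41.0.1 ; python_version >= "3.7"
-r other-requirements.txt
"""

# Simplified PEP 508 requirement: name, optional [extras], optional version
# specifiers, optional "; marker". URL requirements ("name @ url") are rejected.
_OP = r"(?:===|[<>!~=]=|<|>)"
_REQ = re.compile(
    r"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)"
    r"(?:\[[^\]]*\])?\s*"
    rf"(?P<spec>{_OP}\s*[^\s;,]+(?:\s*,\s*{_OP}\s*[^\s;,]+)*)?"
    r"\s*(?:;.*)?$"
)


def parse_requirement(line):
    """Return (normalized name, [(op, version), ...]); None for blank, comment or pip option lines."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = _REQ.match(line)
    if not m:
        raise ValueError(f"not a PEP 508 requirement: {line!r}")
    name = re.sub(r"[-_.]+", "-", m.group("name")).lower()  # PEP 503 name normalization
    pins = re.findall(rf"({_OP})\s*([^\s;,]+)", m.group("spec") or "")
    return name, pins


def is_pinned(pins):
    """True only when the specifiers fix exactly one version: '==' or '===' without a wildcard."""
    return any(op in ("==", "===") and "*" not in ver for op, ver in pins)


def unpinned(text):
    """Names from a requirements.txt whose line does not pin a single version."""
    names = []
    for raw in text.splitlines():
        parsed = parse_requirement(raw)
        if parsed is not None and not is_pinned(parsed[1]):
            names.append(parsed[0])
    return names


if __name__ == "__main__":
    for name in unpinned(SAMPLE_REQUIREMENTS):
        print(f"{name}: not pinned to a single version")
```

Running it against the sample flags urllib3 (a range), pyyaml (no version) and click (a wildcard); those are exactly the entries for which a scanner has to guess a version before it can ask a vulnerability database anything.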

Building

pyscan requires Rust >= 1.70 and may be unstable on earlier releases. There's an overview of the codebase at architecture. Grateful for all the contributions so far!

🦀 How it's done

pyscan uses OSV as its database for now. There are plans to add a few more, if it's feasible.

pyscan doesn't guarantee that your code is safe from everything: a clean result only means that no OSV advisory matched the package versions it resolved. Use all the resources available to you, such as Safety, Dependabot, pip-audit, Trivy and the like.
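The OSV lookup described above, as an added example and not pyscan's own code: it builds a request for OSV's documented querybatch endpoint from (name, version) pairs in the PyPI ecosystem and turns the response into a per-package list of advisory ids. The endpoint URL and the request/response shape are taken from the OSV API documentation; the package names and advisory ids in the sample response are placeholders constructed for the example, so the block runs offline.

```python
import json
import urllib.request

# Public OSV API endpoint for batch lookups (documented at https://osv.dev/docs).
OSV_QUERYBATCH = "https://api.osv.dev/v1/querybatch"


def osv_querybatch_body(packages):
    """Build the querybatch request for (name, version) pairs in the PyPI ecosystem."""
    return {
        "queries": [
            {"package": {"name": name, "ecosystem": "PyPI"}, "version": version}
            for name, version in packages
        ]
    }


def summarize(packages, response):
    """Map 'name==version' to the sorted advisory ids OSV returned for that query.

    querybatch returns one result per query, in query order. A result without
    'vulns' means no known advisory matched that version, not that it is safe.
    """
    results = response.get("results", [])
    if len(results) != len(packages):
        raise ValueError(f"expected {len(packages)} results, got {len(results)}")
    report = {}
    for (name, version), result in zip(packages, results):
        ids = sorted(v["id"] for v in result.get("vulns") or [])
        report[f"{name}=={version}"] = ids
    return report


def query_osv(packages, timeout=10):
    """Live lookup against OSV (needs network); the sample below stays offline."""
    data = json.dumps(osv_querybatch_body(packages)).encode()
    req = urllib.request.Request(
        OSV_QUERYBATCH, data=data, headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return summarize(packages, json.load(resp))


# Constructed sample: fake package names and placeholder advisory ids in the
# querybatch response shape. Neither the packages nor the ids are real records.
SAMPLE_PACKAGES = [("examplepkg-a", "0.1.0"), ("examplepkg-b", "2.0.0")]
SAMPLE_RESPONSE = {
    "results": [
        {},
        {"vulns": [{"id": "EXAMPLE-0002", "modified": "2023-06-29T00:00:00Z"},
                   {"id": "EXAMPLE-0001", "modified": "2023-06-29T00:00:00Z"}]},
    ]
}

if __name__ == "__main__":
    for pkg, ids in summarize(SAMPLE_PACKAGES, SAMPLE_RESPONSE).items():
        print(pkg, "->", ", ".join(ids) or "no known advisories")
```

querybatch returns only the id and modified date of each advisory; the details (summary, affected ranges, fixed versions) come from a separate GET to https://api.osv.dev/v1/vulns/{id}. The empty result for the first package is the case the caveat above is about: it is the absence of a match, nothing more.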

🐰 Todo

As of June 29, 2023:

  • Gather time to work on it (incredible task as a high schooler)
  • Multi-threading
  • Better display, search, filter of vulns
  • Plethora of output options (stick to shell redirection, >>, for now)
  • ignore vulnerabilities
  • Benchmarks
  • Architecture write-up

🐹 Sponsor

While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I can get.