This repository has been archived by the owner on Nov 28, 2023. It is now read-only.

desholmes/python-vulnerability-checker


Python Dependency Vulnerability Checker

This repo uses the Skjold package to check a project's pinned dependencies against the following advisory sources:

Docker Image Details

hub.docker.com/repository/docker/desholmes/python-vulnerability-checker.

  • Docker Hub namespace: desholmes
  • Repository name: python-vulnerability-checker
  • Current version: 1.0.1

Usage

  1. Run make setup to copy the environment template into place (.env-dist > .env)
  2. Generate a GitHub personal access token and replace <GITHUB_TOKEN> in .env
  3. Replace the paths below:
    1. <requirements path>: Directory containing the requirements.txt file to check
    2. <reports path>: Directory where the skjold-report.json report file should be saved. Create an empty skjold-report.json there before the first run: Docker creates a directory at a bind-mount source path that does not exist, and the container then cannot write the report into it.
With GITHUB_TOKEN exported in your shell, run:

docker run --rm -it \
    -e GITHUB_TOKEN="$GITHUB_TOKEN" \
    -v <requirements path>/requirements.txt:/usr/src/app/requirements.txt \
    -v <reports path>/skjold-report.json:/usr/src/app/skjold-report.json \
    desholmes/python-vulnerability-checker:1.0.1

The container exits with status 0 when no vulnerable packages are found and 1 when it finds any, so the exit status can gate a CI job; the details are written to skjold-report.json.
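The wrapper below is an added example, not code from this repository: a POSIX sh script that does what the steps above describe, but in a form that is safe to run unattended in CI. It pre-creates the report file so the bind mount is a file rather than a directory, refuses to run without a token instead of silently passing, drops -it because CI runners have no TTY, and keeps the container's exit status distinct from wrapper-side errors. The image tag is taken from the Docker Image Details section; the 0/1 exit-status convention is taken from the Running section; the name check.sh and the status 2 for wrapper errors are assumptions.

```bash
#!/bin/sh
# Added example (not part of desholmes/python-vulnerability-checker): a small
# POSIX sh wrapper around the "docker run" invocation from the README, for CI.
# Assumptions: the image tag below, and that the container exits 0 when clean
# and 1 when vulnerable packages are found (as the README's make targets show).

IMAGE="${IMAGE:-desholmes/python-vulnerability-checker:1.0.1}"

# Docker creates a *directory* at a bind-mount source path that does not exist,
# after which the container cannot write its JSON report there. Make sure the
# report path is an existing regular file before mounting it.
prepare_report_file() {
    report="$1"
    if [ -d "$report" ]; then
        echo "error: $report is a directory (left behind by an earlier mount?)" >&2
        return 1
    fi
    if [ ! -f "$report" ]; then
        : > "$report"
    fi
}

# Resolve a path to an absolute one; docker -v requires absolute host paths.
absolute_path() {
    printf '%s/%s\n' "$(cd "$(dirname "$1")" && pwd)" "$(basename "$1")"
}

# Run the checker. The container's exit status is passed through unchanged:
# 0 = no vulnerable packages, 1 = vulnerable packages found.
# Status 2 is used (by this wrapper, an assumption) for wrapper-side errors,
# so a missing token or file can never be mistaken for a clean run.
run_checker() {
    requirements="$1"
    report="$2"
    if [ -z "${GITHUB_TOKEN:-}" ]; then
        echo "error: GITHUB_TOKEN is not set" >&2
        return 2
    fi
    if [ ! -f "$requirements" ]; then
        echo "error: requirements file not found: $requirements" >&2
        return 2
    fi
    prepare_report_file "$report" || return 2
    export GITHUB_TOKEN
    req_abs=$(absolute_path "$requirements")
    rep_abs=$(absolute_path "$report")
    # "-e GITHUB_TOKEN" with no value copies the variable from the environment,
    # so the secret does not appear in the shell's argument list or history.
    # No -it: CI runners have no TTY.
    docker run --rm \
        -e GITHUB_TOKEN \
        -v "$req_abs:/usr/src/app/requirements.txt" \
        -v "$rep_abs:/usr/src/app/skjold-report.json" \
        "$IMAGE"
}

# Translate the exit status into a verdict without masking unexpected failures
# (a crashed container or a rejected token must not look like a clean run).
verdict() {
    case "$1" in
        0) echo "pass: no vulnerable packages found" ;;
        1) echo "fail: vulnerable packages found, see the JSON report" ;;
        *) echo "error: checker did not complete (exit status $1)" ;;
    esac
}

# Usage: ./check.sh <requirements path>/requirements.txt <reports path>/skjold-report.json
if [ "$#" -eq 2 ]; then
    status=0
    run_checker "$1" "$2" || status=$?
    verdict "$status"
    exit "$status"
fi
```

The script only forwards the two exit codes the README documents and treats anything else as an error, so a pull from Docker Hub that fails, a GitHub token that the advisory lookup rejects, or an OOM-killed container cannot be read as "no vulnerable packages found" by the CI job.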

Getting Started

Prerequisites

  1. Installation of Docker CE
  2. A working knowledge of git SCM
  3. Installation of Python 3.7.3

Docker

Building

  1. Complete the 'Getting Started > Prerequisites' section
  2. Run make setup to copy the environment template into place (.env-dist > .env)
  3. Generate a GitHub personal access token (read access to public data is sufficient) and replace <GITHUB_TOKEN> in .env
  4. Run make build to create the Docker image named in the Docker Image Details section above

Running

  1. Complete the 'Docker > Building' section
  2. Run make run-pass to run the Docker container against the contents of ./test_pass_project
  3. Note: the output of the above command shows a No vulnerable packages found! message and the container exits with status 0
  4. Run make run-fail to run the Docker container against the contents of ./test_fail_project
  5. Note: the output of the above command shows a Found 2 vulnerable packages! message and the container exits with status 1
  6. Note: ./test_fail_project/skjold-report.json has been updated with the findings

Version History

  1. 1.0.1: Added docker hub link to docs
  2. 1.0.0: Base repo