This repo uses the Skjold package to check the dependencies for a project against the following advisory sources:
hub.docker.com/repository/docker/desholmes/python-vulnerability-checker.
- Registry: desholmes
- Repository name: python-vulnerability-checker
- Current version: 1.0.1
- Run `make setup`: to copy `.env` into place (`.env-dist` > `.env`)
- Generate a GitHub personal access token and replace `<GITHUB_TOKEN>` in `.env`
- Replace the paths below:
  - `<requirements path>`: Path to the requirements file
  - `<reports path>`: Path to where the `skjold-report.json` report file should be saved
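```sh
# GITHUB_TOKEN is read from the shell environment; $(GITHUB_TOKEN) is Makefile syntax and would run a command in a shell.
# Create an empty skjold-report.json first: Docker creates a directory for a missing bind-mount source.
docker run --rm -it \
  -e GITHUB_TOKEN="$GITHUB_TOKEN" \
  -v <requirements path>/requirements.txt:/usr/src/app/requirements.txt \
  -v <reports path>/skjold-report.json:/usr/src/app/skjold-report.json \
  desholmes/python-vulnerability-checker:1.0.0
```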
- Installation of Docker CE
- A working knowledge of git SCM
- Installation of Python 3.7.3
- Complete the 'Getting Started > Prerequisites' section
- Run `make setup`: to copy `.env` into place (`.env-dist` > `.env`)
- Generate a GitHub personal access token with `public access` permissions and replace `<GITHUB_TOKEN>` in `.env`
- Run `make build` to create the docker image based on the details of the `Docker Image Details` section above
- Complete the 'Docker > Building' section
- Run `make run-pass` to run the docker container using the contents of the `./test_pass_project`
  - Note: The output from the above command shows a `No vulnerable packages found!` message and exits with a 0
- Run `make run-fail` to run the docker container using the contents of the `./test_fail_project`
  - Note: The output from the above command shows a `Found 2 vulnerable packages!` message and exits with a 1
  - Note: The `./test_fail_project/skjold-report.json` has been updated
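
The exit codes above (0 for a clean run, 1 when vulnerable packages are found) can gate a CI job. The wrapper below is an added example, not part of this repo: the function name `check_dependencies`, its return code 2 and its messages are assumptions. It treats any other exit status (for example Docker's own 125 when the container cannot start) as a failed check, not a pass.

```shell
#!/bin/sh
# Added example: CI gate around the image described in this README.
IMAGE="desholmes/python-vulnerability-checker:1.0.0"

# Usage: check_dependencies <requirements path> <reports path>
# Returns 0 = no vulnerable packages, 1 = vulnerable packages found,
#         2 = the check did not run (fail closed, never report a pass).
check_dependencies() {
    req_dir=$1
    report_dir=$2
    report="$report_dir/skjold-report.json"

    [ -n "${GITHUB_TOKEN:-}" ] || { echo "GITHUB_TOKEN is not set" >&2; return 2; }
    export GITHUB_TOKEN

    # Bind-mount sources are given as absolute paths.
    case "$req_dir:$report_dir" in
        /*:/*) ;;
        *) echo "paths must be absolute" >&2; return 2 ;;
    esac
    [ -f "$req_dir/requirements.txt" ] || { echo "no requirements.txt in $req_dir" >&2; return 2; }

    # Docker creates a directory for a bind-mount source that does not
    # exist, so make sure the report is a regular file before mounting it.
    [ -f "$report" ] || touch "$report" || return 2

    # "-e GITHUB_TOKEN" without a value forwards the exported variable and
    # keeps the token out of the command line. No -it: CI jobs have no TTY.
    status=0
    docker run --rm \
        -e GITHUB_TOKEN \
        -v "$req_dir/requirements.txt:/usr/src/app/requirements.txt" \
        -v "$report:/usr/src/app/skjold-report.json" \
        "$IMAGE" || status=$?

    case $status in
        0) echo "dependency check passed"; return 0 ;;
        1) echo "vulnerable packages found, see $report" >&2; return 1 ;;
        *) echo "check did not complete (exit $status)" >&2; return 2 ;;
    esac
}
```
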
- `1.0.1`: Added docker hub link to docs
- `1.0.0`: Base repo