- pip-audit
  Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
https://pypi.org/project/pip-audit/ details usage and the GitHub Action install.
cli - uses a sandbox to block packages during installation and performs pre-install checks to determine (by hitting the API) if the package performs actions congruent with malware, e.g. phylum pip install requests will use pip wrapped by the sandbox to install requests after verifying that it doesn't have malware-like behavior.
Related posts
- Show HN: One makefile to rule them all
- pip-audit - a tool for scanning Python environments for packages with known vulnerabilities
- Find malicious Python packages with one command
- pip-audit: a tool for identifying Python packages with known vulnerabilities
- A tool for scanning Python environments for known vulnerabilities