Pip-audit Alternatives
Similar projects and alternatives to pip-audit
- ochrona-cli: A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
- pre-commit-hooks.nix: Seamless integration of https://pre-commit.com git hooks with Nix.
- aura: Python source code auditing and static analysis on a large scale (by SourceCode-AI)
- pre-commit: A framework for managing and maintaining multi-language pre-commit hooks.
- tox-poetry-installer: A plugin for Tox that lets you install test environment dependencies from the Poetry lockfile
- ipython: Official repository for IPython itself. Other repos in the IPython organization contain things like the website, documentation builds, etc.
- Nuitka: Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, and 3.11. You feed it your Python app, it does a lot of clever things, and spits out an executable or extension module.
- self-contained-runnable-python-package-template: This is a template for creating self-contained, runnable python projects in the form of a tidy, structured, runnable python package
pip-audit reviews and mentions
- Pyscan: A command-line tool to detect security issues in your python dependencies.
Why use this over the established https://pypi.org/project/pip-audit/ ?
- How Attackers Can Sneakily Slip Malware Packages Into Poetry.lock Files
https://pypi.org/project/pip-audit/ details usage and the GitHub Action install.
- How to improve Python packaging, or why 14 tools are at least 12 too many
- Underappreciated Challenges with Python Packaging
If it's pure Python, the only packaging file you need is `pyproject.toml`. You can fill that file with packaging metadata per PEP 518 and PEP 621, including using modern build tooling like flit[1] for the build backend and build[2] for the frontend.
With that, your entire package build (for all distribution types) should be reducible to `python -m build`. Here's an example of a full project doing everything with just `pyproject.toml`[3] (FD: my project).
[1]: https://github.com/pypa/flit
- Auditing your python environment
```yaml
# .pre-commit-config.yaml
repos:
  - repo: https://github.com/trailofbits/pip-audit
    rev: v2.4.3
    hooks:
      - id: pip-audit
        args: [ "-r", "requirements.txt" ]
ci:
  # Leave pip-audit to only run locally and not in CI
  # pre-commit.ci does not allow network calls
  skip: [ pip-audit ]
```
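The hook above has pre-commit run pip-audit and block the commit on its exit status, and the `ci:` stanza skips it on pre-commit.ci because the audit needs network access to reach the vulnerability feed. Where a team wants the same blocking decision in its own CI, but with a reviewed list of accepted advisories and an explicit stance on packages the tool could not check, the script below is one way to do it. It is an added example, not code from this thread or from the pip-audit project: it consumes the JSON that pip-audit writes with `--format json`, whose shape (a `dependencies` list with `name`, `version`, `vulns` and `skip_reason` keys) is assumed from the tool's output format and should be confirmed against the version you run; the embedded report, package names and advisory identifiers are constructed placeholders, not real advisories.

```python
"""Gate a build on pip-audit findings with an explicit, reviewed exception list.

Added example, not pip-audit's own code. It assumes the JSON shape pip-audit
writes with `--format json`: a top-level "dependencies" list whose entries
carry "name", "version" and a "vulns" list (each vuln with "id", "aliases"
and "fix_versions"), or a "skip_reason" when the package could not be audited
at all. Confirm that against the pip-audit version you run before relying on it.

Intended use (pip-audit exits non-zero on any finding, so `|| true` keeps the
JSON and leaves the decision to this script):
    pip-audit -r requirements.txt --format json -o audit.json || true
    python audit_gate.py audit.json --ignore=CVE-0000-0001
"""
from __future__ import annotations

import json
import sys
from dataclasses import dataclass

# Constructed sample of pip-audit JSON output. Package versions and advisory
# ids are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"name": "requests", "version": "2.31.0", "vulns": []},
        {"name": "somelib", "version": "0.9.1", "vulns": [
            {"id": "PYSEC-0000-0001", "aliases": ["CVE-0000-0001"],
             "fix_versions": ["1.0.0"], "description": "constructed sample"},
        ]},
        {"name": "otherlib", "version": "2.3.0", "vulns": [
            {"id": "PYSEC-0000-0002", "aliases": [],
             "fix_versions": [], "description": "constructed sample, no fix"},
        ]},
        {"name": "localpkg", "skip_reason": "constructed: not found on the index"},
    ],
    "fixes": [],
})


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    vuln_id: str
    aliases: tuple[str, ...]
    fix_versions: tuple[str, ...]


def parse_report(raw: str) -> tuple[list[Finding], list[str]]:
    """Return (findings, names of packages pip-audit skipped) from JSON text."""
    data = json.loads(raw)
    findings: list[Finding] = []
    skipped: list[str] = []
    for dep in data.get("dependencies", []):
        if "skip_reason" in dep:
            # pip-audit could not audit this package, so "no vulns" means nothing.
            skipped.append(dep["name"])
            continue
        for vuln in dep.get("vulns", []):
            findings.append(Finding(
                package=dep["name"],
                version=dep.get("version", "?"),
                vuln_id=vuln["id"],
                aliases=tuple(vuln.get("aliases", [])),
                fix_versions=tuple(vuln.get("fix_versions", [])),
            ))
    return findings, skipped


def evaluate(findings, skipped, ignore_ids=(), fail_on_skipped=True):
    """Decide whether the build should fail.

    ignore_ids is the reviewed exception list. An entry matches a finding's
    primary id or any of its aliases, so a list kept in CVE form still
    suppresses the matching PYSEC-numbered finding. Skipped packages fail the
    gate by default because they were never checked, not because they are clean.
    """
    ignore = {i.upper() for i in ignore_ids}
    blocking = [
        f for f in findings
        if f.vuln_id.upper() not in ignore
        and not any(a.upper() in ignore for a in f.aliases)
    ]
    failed = bool(blocking) or (fail_on_skipped and bool(skipped))
    return failed, blocking


def main(argv: list[str]) -> int:
    """Exit 1 when the audit should block the build, 0 otherwise."""
    ignore = [a.split("=", 1)[1] for a in argv if a.startswith("--ignore=")]
    paths = [a for a in argv if not a.startswith("--")]
    if paths:
        with open(paths[0], encoding="utf-8") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE_REPORT  # no report given: demonstrate on the constructed sample
    findings, skipped = parse_report(raw)
    failed, blocking = evaluate(findings, skipped, ignore)
    for f in blocking:
        fix = ", ".join(f.fix_versions) or "no fixed version published"
        print(f"BLOCK {f.package}=={f.version}: {f.vuln_id} (fix: {fix})")
    for name in skipped:
        print(f"BLOCK {name}: not audited (skipped by pip-audit)")
    print("audit gate:", "FAIL" if failed else "PASS")
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run without arguments it evaluates the embedded sample and fails (two unignored findings plus one skipped package); with a real report, pass `--ignore=` once per accepted advisory. Keeping the exception list in the repository next to this script, with a reason and an owner per entry, is what turns the gate from a nuisance into a record of accepted risk.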
- How to create a Python package in 2022
This is really nicely written; kudos to the author for compiling a great deal of information in a readable format.
If I can be forgiven one nitpick: Poetry does not use a PEP 518-style[1] build configuration by default, which means that its use of `pyproject.toml` is slightly out of pace with the rest of the Python packaging ecosystem. That isn't to say that it isn't excellent, because it is! But the standards have come a long way, and you can now use `pyproject.toml` with any build backend as long as you use the standard metadata.
By way of example, here's a project that's completely PEP 517 and PEP 518 compatible without needing a setup.py or setup.cfg[2]. Everything goes through pyproject.toml.
[1]: https://peps.python.org/pep-0518/
[2]: https://github.com/trailofbits/pip-audit/blob/main/pyproject...
- I think the CTX package on PyPI has been hacked!
Checking could be done if something like this eventually shows up in safety or pip-audit.
- Open-source way to scan dependencies for CVEs?
Something like python's pip-audit. For commercial solutions I know there's Snyk and Jfrog we can always purchase, but I'm interested to see if there's an open-source tool that can do this.
- Black, the Uncompromising (Python) Code Formatter Is Stable
Hooray!
Loosely related - This is Python pip. Trail of Bits has a tool pip-audit that audits Python environments and dependency trees for known vulnerabilities.
- Pre-commit: framework for managing/maintaining multi-language pre-commit hooks
This is why I stuff everything into a top-level Makefile with `.PHONY` rules instead. Nearly every developer knows how to invoke `make` and already has tab completion for `make` rules, to boot.
For example: https://github.com/trailofbits/pip-audit/blob/main/Makefile
Stats
pypa/pip-audit is an open source project licensed under Apache License 2.0, which is an OSI-approved license.
The primary programming language of pip-audit is Python.