- Can be used within large projects (see benchmarks).
- Automatically finds dependencies, either from configuration files or from within source code.
- Supports poetry, hatch, flit and pdm, and can be integrated into existing build processes.
- Hasn't been battle-hardened yet; PRs and issue reports are welcome.
## 🕊️ Install
Look out for the "-rs" part, or
## 🐇 Usage
Go to your Python source directory (or wherever you keep your `requirements.txt` / `pyproject.toml`) and run:

`> pyscan`

Pyscan looks for dependencies in:
- `requirements.txt`
- `pyproject.toml`
- your source code (`.py`)

Pyscan uses your local pip to resolve unknown versions, and otherwise falls back to pypi.org for the latest version. Still, it is recommended to pin versions in your requirements and use proper PEP 508 syntax.
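To make the version-resolution point concrete, here is an added example (not pyscan's own code) that parses `requirements.txt` lines with a simplified PEP 508 grammar, treats only `==X.Y.Z` as a pin, and otherwise asks the local installation for the version, the same order of preference described above. The sample file, the `_REQ` regex and the helper names are constructed for this illustration.

```python
import re
from importlib import metadata

# PEP 508 name, optional [extras], optional version specifier. Environment markers
# (after ';') and comments are dropped. Simplified grammar, not a full PEP 508 parser.
_REQ = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(?P<spec>[^;#]*)")

def parse_requirement(line):
    """One requirements.txt line -> {'name', 'specifier', 'pinned'} or None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):   # blank line or a pip option such as -r / -e
        return None
    m = _REQ.match(line)
    if not m:
        return None
    name = re.sub(r"[-_.]+", "-", m["name"]).lower()   # PEP 503 name normalisation
    spec = m["spec"].strip()
    pinned = None
    for clause in (c.strip() for c in spec.split(",")):
        # Only '==X.Y.Z' is an exact pin; '===', '>=', '~=' and '==1.2.*' are not.
        if clause.startswith("==") and not clause.startswith("===") and "*" not in clause:
            pinned = clause[2:].strip()
    return {"name": name, "specifier": spec, "pinned": pinned}

def resolve_version(req):
    """Scanner-style lookup order: exact pin first, then the locally installed copy."""
    if req["pinned"]:
        return req["pinned"], "pinned"
    try:
        return metadata.version(req["name"]), "local-install"
    except metadata.PackageNotFoundError:
        # A scanner would now fall back to the latest pypi.org release, which may not
        # be the version you actually run. That gap is why pinning is recommended.
        return None, "unknown"

def audit_requirements(text):
    """Report, per requirement, which version a scanner would check and why."""
    report = []
    for req in filter(None, map(parse_requirement, text.splitlines())):
        version, source = resolve_version(req)
        report.append({"name": req["name"], "version": version, "source": source})
    return report

# Constructed sample requirements file for a stand-alone run.
SAMPLE = """\
requests[security] == 2.31.0   # exact pin: version is known
flask>=2.0,<3                  # range: must be resolved locally or from pypi.org
-r dev-requirements.txt
Not_A_Real.Dist                # no specifier at all
"""
```

Any row whose source is `unknown` is one where the scanner's result depends on what pypi.org currently lists rather than on what you deploy.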
## Building
pyscan requires a Rust version of < v1.70, and might be unstable on previous releases.
There is an overview of the codebase in the architecture document. Grateful for all the contributions so far.
## 🦀 Note
pyscan doesn't make sure your code is safe from everything. Use all resources available to you, like safety, Dependabot, pip-audit, trivy and the like.
## 🐰 Todo
As of December 24, 2024:
- Gather time to work on it (incredible task as a ~~high schooler~~ college freshman)
- Persistent state representation of a project's security.
- Graphical analysis of dependencies and their dependencies, and so on.
- Better display, search, filter of vulns
- Finish the "big" update (All of the above is a part of PR #17)
## 🐹 Donate
While not coding, I am a broke ~~high school~~ college student with nothing else to do. I appreciate all the help I can get.