poetry-audit-plugin

Release 0.4.0

Poetry plugin for checking security vulnerabilities in dependencies

Homepage PyPI Python

Keywords
poetry, vulnerabilities, security, audit, packaging, poetry-plugin, python, python3, vulnerability
License
MIT
Install
pip install poetry-audit-plugin==0.4.0

Documentation

Poetry Audit Plugin

Poetry plugin for checking security vulnerabilities in dependencies based on safety.

$ poetry audit
Scanning 19 packages...

  • ansible-runner     installed 1.1.2  affected <1.3.1   CVE PVE-2021-36995
  • ansible-tower-cli  installed 3.1.8  affected <3.2.0   CVE CVE-2020-1733 
  • jinja2             installed 2.0    affected <2.11.3  CVE CVE-2020-28493

3 vulnerabilities found

Installation

The easiest way to install the audit plugin is via the self add command of Poetry.

poetry self add poetry-audit-plugin

If you used pipx to install Poetry you can add the plugin via the pipx inject command.

pipx inject poetry poetry-audit-plugin

Otherwise, if you used pip to install Poetry you can add the plugin packages via the pip install command.

pip install poetry-audit-plugin

Available options

  • --json: Export the result in JSON format.

  • --ignore-code: Ignore some vulnerabilities IDs. Receive a list of IDs. For example:

poetry audit --ignore-code=CVE-2022-42969,CVE-2020-10684
  • --ignore-package: Ignore some packages. Receive a list of packages. For example:
poetry audit --json --ignore-package=py,ansible-tower-cli
  • --proxy-protocol, --proxy-host, --proxy-port: Proxy to access Safety DB. For example:
poetry audit --proxy-protocol=http --proxy-host=localhost --proxy-port=3128
  • --cache-sec: How long Safety DB can be cached locally. For example:
poetry audit --cache-sec=60

Exit codes

poetry audit will exit with a code indicating its status.

  • 0: Vulnerabilities were not found.
  • 1: One or more vulnerabilities were found.
  • Others: Something wrong happened.

Develop poetry-audit-plugin

You can read this document to setup an environment to develop poetry-audit-plugin.

First step is to install Poetry. Please read official document and install Poetry in your machine.

Then, you can install dependencies of poetry-audit-plugin with the following command.

poetry install

Once you've done it, you can start developing poetry-audit-plugin. You can use test assets for the testing.

cd tests/assets/no_vulnerabilities
poetry shell
poetry audit

Please lint, format, and test your changes before creating pull request to keep the quality.

./scripts/lint.sh
./scripts/format.sh
./scripts/test.sh

Contribution

Help is always appreciated. Please feel free to create issue and pull request!

License

This project is licensed under the terms of the MIT license.

Stats

Dependencies
2
Dependent packages
0
Dependent repositories
0
Total releases
5
Latest release
First release
Stars
18
Forks
6
Watchers
2
Contributors
4
Repository size
77.1 KB
SourceRank
10

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.4.0
0.3.0
0.2.0
0.1.1
0.1.0

Contributors

Yuto Yamada Franco0700 Adrian Lopez Adrian Dischinger


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2024-03-09 02:57:00 UTC

Login to resync this project