{"id":27856308,"url":"https://github.com/ohaswin/pyscan","last_synced_at":"2025-05-04T11:01:41.367Z","repository":{"id":165888662,"uuid":"641300429","full_name":"ohaswin/pyscan","owner":"ohaswin","description":"python dependency vulnerability scanner, written in Rust.","archived":false,"fork":false,"pushed_at":"2024-12-24T10:09:24.000Z","size":2244,"stargazers_count":196,"open_issues_count":2,"forks_count":7,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-03T17:44:30.771Z","etag":null,"topics":["cve","hacking","ossf","osv","python","rust","security","security-audit","security-automation","security-tools","vulnerabilities","vulnerability","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ohaswin.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":"aswinnnn","tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":null}},"created_at":"2023-05-16T07:32:49.000Z","updated_at":"2025-04-22T11:53:47.000Z","dependencies_parsed_at":"2024-01-17T17:24:33.720Z","dependency_job_id":"86cb446e-b0be-4f0e-81e8-ea19ce84e07d","html_url":"https://github.com/ohaswin/pyscan","commit_stats":null,"previous_names":["ohaswin/pyscan"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ohaswin%
2Fpyscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ohaswin%2Fpyscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ohaswin%2Fpyscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ohaswin%2Fpyscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ohaswin","download_url":"https://codeload.github.com/ohaswin/pyscan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252323473,"owners_count":21729568,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","hacking","ossf","osv","python","rust","security","security-audit","security-automation","security-tools","vulnerabilities","vulnerability","vulnerability-scanners"],"created_at":"2025-05-04T11:01:40.224Z","updated_at":"2025-05-04T11:01:41.356Z","avatar_url":"https://github.com/ohaswin.png","language":"Rust","funding_links":["https://ko-fi.com/aswinnnn","https://ko-fi.com/Z8Z74DCR4"],"categories":["Rust"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e 🐍 Pyscan \u003c/h1\u003e\n\n![CI](https://github.com/aswinnnn/pyscan/actions/workflows/CI.yml/badge.svg) ![License](https://img.shields.io/github/license/aswinnnn/pyscan?color=ff64b4) [![PyPI](https://img.shields.io/pypi/v/pyscan-rs?color=ff69b4)](https://pypi.org/project/pyscan-rs) [![](https://img.shields.io/crates/v/pyscan?color=ff64b4)](https://crates.io/crates/pyscan) [![GitHub 
issues](https://img.shields.io/github/issues/aswinnnn/pyscan.svg?color=ff69b4)](https://GitHub.com/aswinnnn/pyscan/issues/) [![Top Language](https://img.shields.io/github/languages/top/aswinnnn/pyscan?color=ff69b4)](https://img.shields.io/github/languages/top/aswinnnn/pyscan)\n\n\u003ch4 align=\"center\"\u003e \n\n\u003c!-- \u003cimg src=\"https://media.discordapp.net/attachments/1002212458502557718/1107648562004758538/pyscan.png?width=779\u0026height=206\"\u003e --\u003e\n\n\u003cimg src=\"./assets/2pyscan-repository.png\"\u003e\n\n\u003c/h4\u003e\n\n\u003ch5 align=\"center\"\u003e \u003ci\u003eA dependency vulnerability scanner for your python projects, straight from the terminal.\u003c/i\u003e \u003c/h5\u003e\n\n+ can be used within large projects. (see [benchmarks](BENCHMARKS.md))\n+ automatically finds dependencies either from configuration files or within source code.\n+ support for poetry, hatch, flit, pdm and can be integrated into existing build processes.\n+ hasn't been battle-hardened yet. PRs and issue makers welcome.\n\n## 🕊️ Install\n\n```bash\npip install pyscan-rs\n```\n**look out for the \"-rs\"** part\nor\n\n```bash\ncargo install pyscan\n```\n\n\n\n## 🐇 Usage\n\nGo to your python source directory (or wherever you keep your `requirements.txt`/`pyproject.toml`) and run:\n\n```bash\n\u003e pyscan\n```\nor\n```bash\n\u003e pyscan -d path/to/src\n```\n\n\u003c!-- ## Docker\n\n[WARNING: docker subcommand currently does not work, if you are installing pyscan solely for that purpose. It will be fixed and released in the next version. Thanks for the patience, people with actual jobs (i dont know anyone else who actually uses docker)]\n\nPyscan can scan inside docker images given you provide the correct path inside. 
This is still in its early stage and may break easily.\n\n```bash\n\u003e pyscan docker -n my-docker-image -p /path/inside/container/to/source\n```\n\nby \u003ci\u003e\"source\"\u003c/i\u003e I mean `requirements.txt`, `pyproject.toml` or your python files.\nNote: Your docker engine/daemon should be running as pyscan utilizes the `docker create` command.  --\u003e\n\n\u003cbr\u003e\nPyscan will find any dependencies added through poetry, hatch, flit, pdm, etc.\nHere's the order of precedence for a source/config file:\n\n+ `requirements.txt`\n+ `pyproject.toml`\n+ your source code (`.py`)\n\nPyscan will use your `pip` to find unknown versions, otherwise [pypi.org](https://pypi.org) for the latest version. Still, **it is recommended to specify versions in your requirements** and use proper [pep-508 syntax](https://peps.python.org/pep-0508/).\n\n## Building\n\npyscan requires a rust version of `\u003c v1.70`, and might be unstable on previous releases.\nThere's an overview of the codebase at [architecture](./architecture/). Grateful for all the contributions so far.\n\n## 🦀 Note\n\npyscan doesn't make sure your code is safe from everything. Use all resources available to you like [safety](https://pypi.org/project/safety/), Dependabot, [`pip-audit`](https://pypi.org/project/pip-audit/), trivy and the like.\n\n## 🐰 Todo\n\nAs of December 24, 2024:\n\n- [ ] Gather time to work on it (incredible task as a ~~high schooler~~ college freshman)\n- [ ] Persistent state representation of a project's security.\n- [ ] Graphical analysis of dependencies and their dependencies, and so on.\n- [ ] Better display, search, filter of vulns  \n- [ ] Finish the \"big\" update (All of the above is a part of PR #17)\n\n## 🐹 Donate\n\nWhile not coding, I am a broke ~~high school~~ college student with nothing else to do. 
I appreciate all the help I can get.\n\n\n[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Z8Z74DCR4)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fohaswin%2Fpyscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fohaswin%2Fpyscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fohaswin%2Fpyscan/lists"}