https://github.com/aswinnnn/pyscan
python dependency vulnerability scanner, written in Rust.
cve hacking ossf osv python rust security security-audit security-automation security-tools vulnerabilities vulnerability vulnerability-scanners
Last synced: 26 days ago
- Host: GitHub
- URL: https://github.com/aswinnnn/pyscan
- Owner: aswinnnn
- License: mit
- Created: 2023-05-16T07:32:49.000Z (almost 2 years ago)
- Default Branch: master
- Last Pushed: 2024-12-24T10:09:24.000Z (4 months ago)
- Last Synced: 2025-02-26T08:47:09.565Z (about 2 months ago)
- Topics: cve, hacking, ossf, osv, python, rust, security, security-audit, security-automation, security-tools, vulnerabilities, vulnerability, vulnerability-scanners
- Language: Rust
- Homepage:
- Size: 2.14 MB
- Stars: 195
- Watchers: 4
- Forks: 7
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-offensive-rust - Pyscan - Python dependency vulnerability scanner, written in Rust. (Projects)
README
🐍 Pyscan
[PyPI: pyscan-rs](https://pypi.org/project/pyscan-rs) · [crates.io: pyscan](https://crates.io/crates/pyscan) · [Issues](https://GitHub.com/aswinnnn/pyscan/issues/)
A dependency vulnerability scanner for your python projects, straight from the terminal.
+ can be used within large projects (see [benchmarks](BENCHMARKS.md)).
+ automatically finds dependencies either from configuration files or within source code.
+ supports poetry, hatch, flit and pdm, and can be integrated into existing build processes.
+ hasn't been battle-hardened yet. PRs and issue makers welcome.

## 🕊️ Install
```bash
pip install pyscan-rs
```
**look out for the "-rs"** part
or
```bash
cargo install pyscan
```

## 🐇 Usage
Go to your python source directory (or wherever you keep your `requirements.txt`/`pyproject.toml`) and run:
```bash
> pyscan
```
or
```bash
> pyscan -d path/to/src
```
Pyscan will find any dependencies added through poetry, hatch, flit, pdm, etc.
Here's the order of precedence for a source/config file:
+ `requirements.txt`
+ `pyproject.toml`
+ your source code (`.py`)

Pyscan will use your `pip` to find unknown versions, otherwise [pypi.org](https://pypi.org) for the latest version. Still, **it is recommended to pin the versions in your requirements** and use proper [PEP 508 syntax](https://peps.python.org/pep-0508/): an unpinned dependency is resolved to whatever happens to be installed (or to the latest release), which is not necessarily the version you ship.
## Building
pyscan requires Rust `v1.70` or later, and might be unstable on earlier releases.
There's an overview of the codebase at [architecture](./architecture/). Grateful for all the contributions so far.

## 🦀 Note
pyscan doesn't make sure your code is safe from everything. Use all resources available to you, like [safety](https://pypi.org/project/safety/), Dependabot, [`pip-audit`](https://pypi.org/project/pip-audit/), trivy and the like.
## 🐰 Todo
As of December 24, 2024:
- [ ] Gather time to work on it (incredible task as a ~~high schooler~~ college freshman)
- [ ] Persistent state representation of a project's security.
- [ ] Graphical analysis of dependencies and their dependencies, and so on.
- [ ] Better display, search, filter of vulns
- [ ] Finish the "big" update (all of the above is part of PR #17)

## 🐹 Donate
While not coding, I am a broke ~~high school~~ college student with nothing else to do. I appreciate all the help I can get.
[Support on Ko-fi](https://ko-fi.com/Z8Z74DCR4)