# 🐍 Pyscan
![CI](https://github.com/aswinnnn/pyscan/actions/workflows/CI.yml/badge.svg) ![License](https://img.shields.io/github/license/aswinnnn/pyscan?color=ff64b4) [![PyPI](https://img.shields.io/pypi/v/pyscan-rs?color=ff69b4)](https://pypi.org/project/pyscan-rs) [![](https://img.shields.io/crates/v/pyscan?color=ff64b4)](https://crates.io/crates/pyscan) [![GitHub issues](https://img.shields.io/github/issues/aswinnnn/pyscan.svg?color=ff69b4)](https://GitHub.com/aswinnnn/pyscan/issues/) [![Top Language](https://img.shields.io/github/languages/top/aswinnnn/pyscan?color=ff69b4)](https://img.shields.io/github/languages/top/aswinnnn/pyscan)
A dependency vulnerability scanner for your Python projects, straight from the terminal.
+ Usable on large projects (see [benchmarks](BENCHMARKS.md)).
+ Finds dependencies automatically, either from configuration files or from the source code itself.
+ Supports poetry, hatch, flit and pdm, and can be integrated into existing build processes.
+ Not battle-hardened yet: PRs and issue reports are welcome.
## 🕊️ Install
```bash
pip install pyscan-rs
```
**Note the `-rs` suffix**: the PyPI package is `pyscan-rs`, so check that this is the name you are installing.
or
```bash
cargo install pyscan
```
check out the [releases](https://github.com/aswinnnn/pyscan/releases).
## 🐇 Usage
Go to your python source directory (or wherever you keep your `requirements.txt`/`pyproject.toml`) and run:
```bash
> pyscan
```
or
```bash
> pyscan -d path/to/src
```
Pyscan will find any dependencies added through poetry, hatch, flit, pdm, etc.
It looks for a source/config file in this order of precedence:
+ `requirements.txt`
+ `pyproject.toml`
+ your source code (`.py` files)
For a dependency whose version is not stated, Pyscan asks your `pip` for the installed version and otherwise falls back to the latest release on [pypi.org](https://pypi.org). A scan against "latest" can miss the vulnerable version you actually have installed, so **pin the versions in your requirements** and use proper [PEP 508 syntax](https://peps.python.org/pep-0508/).
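As an added illustration of the lookup order and the pinning advice above (this is not code from the pyscan repository), the following Python script picks a project's dependency source in the same order, parses requirement lines with a simplified PEP 508 grammar, and reports which entries are pinned with an exact `==`, which resolve from the local environment (the `pip` fallback), and which would have to be looked up as "latest" on PyPI. The grammar, the function names and the sample `requirements.txt` are my own assumptions; URL requirements and pip option lines such as `-r` are skipped rather than resolved.

```python
"""Locate a project's dependency file (requirements.txt, then pyproject.toml,
then .py sources) and check that every requirement is pinned to one version.
Added example; not part of pyscan."""
import re
from importlib import metadata
from pathlib import Path

# Order in which the README says pyscan looks for a config file.
PRECEDENCE = ("requirements.txt", "pyproject.toml")

# Simplified PEP 508: name, optional [extras], optional version specifiers,
# optional ";" environment marker. URL requirements ("pkg @ url") and pip
# options ("-r", "-e", "--index-url") are deliberately not handled.
_OP = r"(?:===|[<>=!~]=?)"
_REQ = re.compile(
    rf"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)"
    rf"\s*(?:\[(?P<extras>[^\]]*)\])?"
    rf"\s*(?P<spec>{_OP}\s*[^;,\s]+(?:\s*,\s*{_OP}\s*[^;,\s]+)*)?"
    r"\s*(?:;\s*(?P<marker>.+))?$"
)
_SPEC_ITEM = re.compile(rf"({_OP})\s*([^;,\s]+)")

# Constructed sample requirements.txt, not taken from any real project.
SAMPLE_REQUIREMENTS = """\
# constructed sample
requests[security] >= 2.31, < 3 ; python_version >= "3.8"
flask==2.3.2
Django
-r other.txt
pyscan-rs @ https://example.invalid/pyscan_rs.whl
"""


def parse_requirement(line):
    """Parse one line; return None for blanks, comments, pip options and URLs."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-") or "@" in line:
        return None
    m = _REQ.match(line)
    if not m:
        raise ValueError(f"not a PEP 508 requirement: {line!r}")
    extras = [e.strip() for e in (m.group("extras") or "").split(",") if e.strip()]
    return {
        # PEP 503 name normalisation: lower-case, runs of "-_." become "-".
        "name": re.sub(r"[-_.]+", "-", m.group("name")).lower(),
        "extras": extras,
        "specs": _SPEC_ITEM.findall(m.group("spec") or ""),
        "marker": (m.group("marker") or "").strip() or None,
    }


def exact_pin(req):
    """Return the version if the only specifier is a single '==' pin, else None."""
    if [op for op, _ in req["specs"]] == ["=="]:
        return req["specs"][0][1]
    return None


def installed_version(name):
    """Version of `name` in the current environment, or None if not installed."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None


def audit_requirements(text, installed=installed_version):
    """Map each requirement to ('pinned', v), ('installed', v) or ('unresolved', None).
    'unresolved' is the case where a scanner would fall back to PyPI 'latest'."""
    report = {}
    for line in text.splitlines():
        req = parse_requirement(line)
        if req is None:
            continue
        pin = exact_pin(req)
        if pin:
            report[req["name"]] = ("pinned", pin)
            continue
        version = installed(req["name"])
        report[req["name"]] = ("installed", version) if version else ("unresolved", None)
    return report


def find_dependency_source(root):
    """Return (kind, path) following the README's precedence, or None."""
    root = Path(root)
    for name in PRECEDENCE:
        candidate = root / name
        if candidate.is_file():
            return (name, candidate)
    if any(root.rglob("*.py")):
        return ("source", root)
    return None


if __name__ == "__main__":
    for name, (status, version) in audit_requirements(SAMPLE_REQUIREMENTS).items():
        print(f"{name:12} {status:10} {version or ''}")
```

Anything reported as `unresolved` is exactly the case the README warns about: the scanner has no installed version to go on and would judge the latest PyPI release instead of what your deployment runs.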
## Building
pyscan requires Rust 1.70 or later (`>= v1.70`) and might be unstable on earlier releases.
There's an overview of the codebase at [architecture](./architecture/). Grateful for all the contributions so far.
## 🦀 Note
pyscan does not guarantee that your code is safe from everything. Use every resource available to you, such as [safety](https://pypi.org/project/safety/), Dependabot, [`pip-audit`](https://pypi.org/project/pip-audit/), trivy and the like.
## 🐰 Todo
As of October 15, 2023:
- [ ] Gather time to work on it (incredible task as a high schooler)
- [ ] Persistent state representation of a project's security.
- [ ] Graphical analysis of dependencies and their dependencies, and so on.
- [ ] Better display, search, filter of vulns
## 🐹 Donate
While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I can get.