# Poetry Audit Plugin
A Poetry plugin that checks a project's dependencies for known security vulnerabilities, using the Safety DB from [safety](https://github.com/pyupio/safety).
```
$ poetry audit
Scanning 19 packages...

 • ansible-runner installed 1.1.2 affected <1.3.1 CVE PVE-2021-36995
 • ansible-tower-cli installed 3.1.8 affected <3.2.0 CVE CVE-2020-1733
 • jinja2 installed 2.0 affected <2.11.3 CVE CVE-2020-28493

3 vulnerabilities found
```
## Installation
The easiest way to install the `audit` plugin is via the `self add` command of Poetry.
```bash
poetry self add poetry-audit-plugin
```
If you used `pipx` to install Poetry you can add the plugin via the `pipx inject` command.
```bash
pipx inject poetry poetry-audit-plugin
```
Otherwise, if you used `pip` to install Poetry, add the plugin package with `pip install`, into the same environment that Poetry itself runs in (a plugin installed elsewhere is not picked up).
```bash
pip install poetry-audit-plugin
```
## Available options
* `--json`: Print the result as JSON instead of the human-readable listing above.
* `--ignore-code`: Ignore the given vulnerability IDs (comma-separated). Findings with these IDs are not reported. Keep the list short and reviewed: an ignored ID silences that finding on every later run. For example:
```bash
poetry audit --ignore-code=CVE-2022-42969,CVE-2020-10684
```
* `--ignore-package`: Skip the given packages entirely (comma-separated). For example:
```bash
poetry audit --json --ignore-package=py,ansible-tower-cli
```
* `--proxy-protocol`, `--proxy-host`, `--proxy-port`: Proxy used when fetching the Safety DB. For example:
```bash
poetry audit --proxy-protocol=http --proxy-host=localhost --proxy-port=3128
```
* `--cache-sec`: Maximum age, in seconds, for which a locally cached copy of the Safety DB is reused instead of being fetched again. For example:
```bash
poetry audit --cache-sec=60
```
## Exit codes
`poetry audit` exits with a code that indicates the result, so it can gate a CI job.
* `0`: No vulnerabilities were found.
* `1`: One or more vulnerabilities were found.
* Any other code: the audit itself failed. Treat this as a failed check, not as a clean result.
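As an added example (not code from poetry-audit-plugin), the following consumer reads the human-readable output shown at the top of this page, applies the same `--ignore-code` and `--ignore-package` semantics to it, and maps the outcome to the exit codes listed above. The JSON schema of `--json` is not shown on this page, so the text lines are parsed instead. Assumptions: vulnerability IDs are compared case-insensitively, package names are compared after PEP 503 normalisation (the plugin's own matching rules are not documented here), and exit code `2` for output that cannot be interpreted is this example's convention for the "other codes" case.

```python
"""Consume `poetry audit` text output in CI: parse findings, honour ignore
lists, and decide an exit code.  Added example, not part of poetry-audit-plugin.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# One finding per bullet, in the format of the sample output on this page:
#   • <package> installed <version> affected <spec> CVE <id>
FINDING_RE = re.compile(
    r"^\s*•\s+(?P<name>\S+)\s+installed\s+(?P<installed>\S+)"
    r"\s+affected\s+(?P<affected>\S+)\s+CVE\s+(?P<vuln_id>\S+)\s*$"
)
# Trailer line, e.g. "3 vulnerabilities found"
SUMMARY_RE = re.compile(r"^\s*(?P<count>\d+)\s+vulnerabilit(?:y|ies)\s+found\s*$")

# 0 and 1 as documented by the plugin; 2 is this example's own choice for
# "output could not be interpreted" (the plugin only says "other codes").
EXIT_CLEAN, EXIT_VULNERABLE, EXIT_ERROR = 0, 1, 2


@dataclass(frozen=True)
class Finding:
    name: str
    installed: str
    affected: str
    vuln_id: str


def parse_findings(text: str) -> List[Finding]:
    """Return one Finding per bullet line; unrelated lines are skipped."""
    return [Finding(**m.groupdict()) for m in map(FINDING_RE.match, text.splitlines()) if m]


def summary_count(text: str) -> Optional[int]:
    """Count from the trailing "N vulnerabilities found" line, or None if absent."""
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            return int(m.group("count"))
    return None


def split_list(arg: str) -> Set[str]:
    """Split a comma-separated flag value such as --ignore-code=A,B (blanks dropped)."""
    return {item.strip() for item in arg.split(",") if item.strip()}


def normalize_name(name: str) -> str:
    """PEP 503 normalisation (assumed here), so 'Ansible_Tower.CLI' == 'ansible-tower-cli'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def apply_ignores(findings: List[Finding], ignore_codes: str = "",
                  ignore_packages: str = "") -> List[Finding]:
    """Drop findings whose ID is in --ignore-code or whose package is in --ignore-package."""
    codes = {c.upper() for c in split_list(ignore_codes)}
    pkgs = {normalize_name(p) for p in split_list(ignore_packages)}
    return [f for f in findings
            if f.vuln_id.upper() not in codes and normalize_name(f.name) not in pkgs]


def evaluate(text: str, ignore_codes: str = "",
             ignore_packages: str = "") -> Tuple[int, List[Finding]]:
    """Derive (exit_code, remaining_findings) from audit output.

    Fails closed: a missing summary line, or a summary that disagrees with the
    bullets actually parsed, yields EXIT_ERROR rather than a false "clean".
    """
    findings = parse_findings(text)
    expected = summary_count(text)
    if expected is None or expected != len(findings):
        return EXIT_ERROR, findings
    remaining = apply_ignores(findings, ignore_codes, ignore_packages)
    return (EXIT_VULNERABLE if remaining else EXIT_CLEAN), remaining


# Constructed sample input, copied from the output shown at the top of this page.
SAMPLE_OUTPUT = """\
Scanning 19 packages...

 • ansible-runner installed 1.1.2 affected <1.3.1 CVE PVE-2021-36995
 • ansible-tower-cli installed 3.1.8 affected <3.2.0 CVE CVE-2020-1733
 • jinja2 installed 2.0 affected <2.11.3 CVE CVE-2020-28493

3 vulnerabilities found
"""

if __name__ == "__main__":
    import sys
    code, left = evaluate(SAMPLE_OUTPUT, ignore_codes="CVE-2020-1733")
    for f in left:
        print(f"{f.name} {f.installed} ({f.vuln_id}, affected {f.affected})")
    sys.exit(code)
```

The consistency check between the parsed bullets and the `N vulnerabilities found` trailer is the part worth copying: a pipeline that only greps for bullet lines would report "clean" on truncated or garbled output, which is exactly the case the "other codes" exit status exists for.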
## Develop poetry-audit-plugin
This section describes how to set up an environment for developing poetry-audit-plugin.
First, install Poetry; see the [official documentation](https://python-poetry.org/docs/).
Then install the plugin's dependencies:
```sh
poetry install
```
You can then start developing. The assets under `tests/assets` are useful for manual testing, for example:
```sh
cd tests/assets/no_vulnerabilities
poetry shell
poetry audit
```
Please lint, format, and test your changes before opening a pull request:
```sh
./scripts/lint.sh
./scripts/format.sh
./scripts/test.sh
```
## Contribution
Help is always appreciated. Feel free to open an issue or a pull request!
## License
This project is licensed under the terms of the MIT license.
## Package metadata (PyPI)
* Version: 0.4.0, uploaded 2024-03-09
* Requires Python: >=3.8,<4.0
* Author: opeco17 (opeco17@gmail.com)
* Homepage and repository: https://github.com/opeco17/poetry-audit-plugin (CI: GitHub Actions)
* Keywords: poetry, vulnerabilities, security, audit
* License: the PyPI `license` field is empty; the README above states MIT
* Release files (neither yanked, no PGP signature on PyPI):
  * `poetry_audit_plugin-0.4.0-py3-none-any.whl` (9048 bytes), sha256 `ffaacdd5d29af8c3dbaa198e49f3b49bb578f2af5ec8b7dda7817b89abb8a8a4`, https://files.pythonhosted.org/packages/4c/16/bc592dcf87c73d73fb532f476765fc8df4adc1f9b54a382954109e4de27f/poetry_audit_plugin-0.4.0-py3-none-any.whl
  * `poetry_audit_plugin-0.4.0.tar.gz` (7933 bytes), sha256 `5f266c8ac2eedcc891f889a4f8636f5d37213fcd6c43d60a61765d1cdcd4b455`, https://files.pythonhosted.org/packages/8a/3b/c4721c1d7cd642a407ba4a09d3aee57a5975b0fa8e73fb1804470764f637/poetry_audit_plugin-0.4.0.tar.gz