pyscan-rs


Name: pyscan-rs
Version: 0.1.6
home_page: https://github.com/aswinnnn/pyscan
Summary: python dependency vulnerability scanner
upload_time: 2023-10-15 10:39:25
maintainer: None
docs_url: None
author: Aswin <aswinxn@protonmail.com>
requires_python: >=3.7
license: MIT
keywords: cli, python, security, vulnerability, pentesting
requirements: No requirements were recorded.
Travis-CI: No Travis.
coveralls test coverage: No coveralls.

<h1 align="center"> 🐍 Pyscan </h1>


<h5 align="center"> <i>A dependency vulnerability scanner for your python projects, straight from the terminal.</i> </h5>

+ Can be used within large projects (see [benchmarks](BENCHMARKS.md)).
+ Automatically finds dependencies either from configuration files or within source code.
+ Supports poetry, hatch, flit and pdm, and can be integrated into existing build processes.
+ Hasn't been battle-hardened yet. PRs and issue makers welcome.

## 🕊️ Install

```bash
pip install pyscan-rs
```
**Look out for the "-rs" part:** on PyPI the package is named `pyscan-rs`.

Or, with Cargo:

```bash
cargo install pyscan
```

You can also check out the [releases](https://github.com/aswinnnn/pyscan/releases).

## 🐇 Usage

Go to your python source directory (or wherever you keep your `requirements.txt`/`pyproject.toml`) and run:

```bash
pyscan
```
or
```bash
pyscan -d path/to/src
```


Pyscan will find any dependencies added through poetry, hatch, flit, pdm, etc.
Here's the order of precedence for a source/config file:

+ `requirements.txt`
+ `pyproject.toml`
+ your source code (`.py`)

When a requirement has no version, Pyscan asks your local `pip` for it and otherwise falls back to the latest version on [pypi.org](https://pypi.org), which may not be the version you actually deploy. Still, **make sure you specify versions in your requirements** and use proper [PEP 508 syntax](https://peps.python.org/pep-0508/).
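
An added example, not part of pyscan or its README: a stdlib-only check that lists the `requirements.txt` entries without an exact `==` pin, which are the ones a scanner has to resolve by guessing. The `unpinned` function and the sample input are constructed for illustration, and the parser covers only a simplified subset of PEP 508.

```python
import re

# Simplified PEP 508 entry: name, optional [extras], then version specifiers.
REQ = re.compile(
    r"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)"
    r"\s*(?:\[[^\]]*\])?\s*(?P<spec>[^;@]*)"
)
EXACT = re.compile(r"^={2,3}\s*[^\s*]+$")  # ==1.2.3 or ===1.2.3, no wildcard

# Constructed sample input, not taken from any real project.
SAMPLE = """\
# web stack
requests==2.31.0
flask>=2.0,<3
django
uvicorn[standard]==0.23.2 ; python_version >= "3.8"
numpy==1.*
-r dev-requirements.txt
"""

def unpinned(text):
    """Return (line_no, name, reason) for entries lacking an exact version pin."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # strip comments
        if not line:
            continue
        if line.startswith("-"):  # -r, -e, --index-url and similar pip options
            findings.append((no, line.split()[0], "pip option, not checked"))
            continue
        m = REQ.match(line)
        if not m:
            findings.append((no, line, "not parseable as a requirement"))
            continue
        name = m.group("name")
        if "@" in line.split(";")[0]:  # "name @ url" carries no version
            findings.append((no, name, "direct reference, version not stated"))
            continue
        clauses = [c.strip() for c in m.group("spec").split(",") if c.strip()]
        if not clauses:
            findings.append((no, name, "no version specifier"))
        elif not any(EXACT.match(c) for c in clauses):
            findings.append((no, name, "not an exact pin: " + ",".join(clauses)))
    return findings

if __name__ == "__main__":
    for no, name, reason in unpinned(SAMPLE):
        print(f"line {no}: {name}: {reason}")
```

Files pulled in with `-r` are reported but not followed, so run the check on each included file as well.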

## Building

pyscan requires a rust version of `< v1.70`, and might be unstable on previous releases.
There's an overview of the codebase at [architecture](./architecture/). Grateful for all the contributions so far.

## 🦀 Note

pyscan doesn't make sure your code is safe from everything. Use all resources available to you, like [safety](https://pypi.org/project/safety/), Dependabot, [`pip-audit`](https://pypi.org/project/pip-audit/), trivy and the like.

## 🐰 Todo

As of October 15, 2023:

- [ ] Gather time to work on it (incredible task as a high schooler)
- [ ] Persistent state representation of a project's security.
- [ ] Graphical analysis of dependencies and their dependencies, and so on.
- [ ] Better display, search, filter of vulns  

## 🐹 Donate

While not coding, I am a broke high school student with nothing else to do. I appreciate all the help I can get.


            
