-
## Bug description
With `--progress-spinner` being `on`, either spinner text or memory-stored logs appear on the terminal, but not both.
Examples:
* spinner message, no logs:
```
py310: …
```
-
Breakout from https://github.com/trailofbits/pip-audit/issues/335: we need to design an ergonomic "feature gate" scheme for `pip-audit`, to handle the following deployments:
* `python -m pip instal…
-
I'm looking for a solution to automatically scan the packages in my selected interpreter for a workspace and raise warning/log messages on the UI when there are security vulnerabilities.
`pip-audit…
-
## Bug description
When using the [pip-tools workflow for layered requirements](https://github.com/jazzband/pip-tools#workflow-for-layered-requirements), pip-audit fails because of duplicate requirements.…
-
pip-audit looks for vulnerabilities in pip packages.
Overall, it would keep the project more secure.
https://github.com/pypa/pip-audit#github-actions
https://github.com/marketplace/actions/gh-acti…
-
**Is your feature request related to a problem? Please describe.**
Currently two vulnerability services are offered, `pypi` and `osv`, but these are both based on pip-audit retrieving information f…
-
**Is your feature request related to a problem? Please describe.**
We would like to be able to see the severity of vulnerabilities detected, and ideally filter them out based on being above/below a…
-
At the moment, we fall back to `~/.pip-audit/cache` if `pip cache dir` fails. This isn't a "respectful" default, since it doesn't adhere to either XDG (which probably wants us to consult `XDG_CACHE_HO…
-
`uv sync` omits them, while `uv pip install -e .` installs them as non-editable. This seems bad. At the very least, I'd say that `uv pip install -e .` should install them as editable.
-
https://github.com/trailofbits/gh-action-pip-audit/releases/tag/v1.0.0
Worth considering as a SAST tool.
Wdyt?