This version will be focused on:
[x] #11 - This will take some time as parsing of pyproject.toml is hard-coded to only support PEP 621, which means redesigning how pyproject.toml should be scanned entirely, so that will be a while. [fixed]
[x] implement parsing dependencies from setup.py, setuptools, poetry, hatch, flit, pdm
[x] multithreaded requests for > 100 dependencies
[x] output options
[ ] the crate pep-508 seems to be having trouble parsing embedded hash values in requirements.txt (#16), which may or may not have a fix depending on the author of the lib.
[ ] (maybe) support for parsing SBOMs and KBOMs
[ ] (maybe) introduce displaying severity, along with a filter for known vuln IDs