google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0

Support pyproject.toml files #1244

Open AdamKorcz opened 2 weeks ago

AdamKorcz commented 2 weeks ago

Currently OSV-Scanner does not support pyproject.toml files.

Example: https://github.com/huggingface/datatrove/blob/main/pyproject.toml

I am not familiar with how many projects use a pyproject.toml file for dependency management so I can't speak to the impact of this enhancement. At the same time, it seems like an easy file to extract the dependencies from.
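As an added illustration (not part of the issue thread and not osv-scanner code), the script below shows what "extracting the dependencies" from a PEP 621 style pyproject.toml actually yields: the `[project] dependencies` and `[project.optional-dependencies]` entries are PEP 508 requirement strings, i.e. a name plus a version specifier, extras and an optional environment marker. Only entries pinned with a single `==` clause name an exact version a vulnerability scanner can match directly; ranges such as `>=2.31` or bare names are resolved at install time, which is the information a lockfile provides. The sample file content is constructed for the example and modelled on the PEP 621 layout, not copied from the datatrove file linked above; tool-specific tables such as `[tool.poetry]` are deliberately not handled.

```python
"""Extract dependency declarations from a PEP 621 pyproject.toml.

Added example for discussion of the osv-scanner issue above; it is not the
project's own parser. Assumes the PEP 621 layout ([project] dependencies and
[project.optional-dependencies]); tool-specific tables are out of scope.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

try:
    import tomllib  # standard library since Python 3.11
except ImportError:  # pragma: no cover
    import tomli as tomllib  # type: ignore  # drop-in backport for older interpreters

# Constructed sample in the PEP 621 layout (not a real project's file).
SAMPLE_PYPROJECT = """
[project]
name = "example-app"
version = "0.1.0"
dependencies = [
    "requests>=2.31",
    "urllib3==1.26.5",
    "numpy",
    "rich[jupyter]>=13; python_version >= '3.8'",
]

[project.optional-dependencies]
dev = ["pytest==7.4.0", "ruff"]
"""

# Simplified PEP 508 split: name, optional [extras], version specifier, optional ; marker.
_REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"\s*(?:\[(?P<extras>[^\]]*)\])?"
    r"\s*(?P<spec>[^;]*?)\s*(?:;\s*(?P<marker>.*))?$"
)


@dataclass
class Dependency:
    name: str
    specifier: str                      # e.g. ">=2.31", or "" when unconstrained
    group: str                          # "main" or the optional-dependency group name
    extras: list[str] = field(default_factory=list)
    marker: str = ""

    @property
    def pinned_version(self) -> str | None:
        """Exact version only when the specifier is a single '==' clause."""
        m = re.fullmatch(r"==\s*([0-9A-Za-z.*+!-]+)", self.specifier.strip())
        return m.group(1) if m else None


def parse_requirement(req: str, group: str) -> Dependency:
    """Split one requirement string into its parts; raises on malformed input."""
    m = _REQ_RE.match(req)
    if not m:
        raise ValueError(f"unparseable requirement: {req!r}")
    extras = [e.strip() for e in (m.group("extras") or "").split(",") if e.strip()]
    return Dependency(
        name=m.group("name").lower().replace("_", "-"),  # PEP 503 name normalisation
        specifier=(m.group("spec") or "").strip(),
        group=group,
        extras=extras,
        marker=(m.group("marker") or "").strip(),
    )


def extract_dependencies(pyproject_text: str) -> list[Dependency]:
    """Return main and optional dependencies declared under [project]."""
    data = tomllib.loads(pyproject_text)
    project = data.get("project", {})
    deps = [parse_requirement(r, "main") for r in project.get("dependencies", [])]
    for group, reqs in project.get("optional-dependencies", {}).items():
        deps.extend(parse_requirement(r, group) for r in reqs)
    return deps


def unpinned(deps: list[Dependency]) -> list[str]:
    """Names whose installed version cannot be known from pyproject.toml alone."""
    return [d.name for d in deps if d.pinned_version is None]


if __name__ == "__main__":
    for d in extract_dependencies(SAMPLE_PYPROJECT):
        print(f"{d.group:5} {d.name:10} {d.specifier or '(any)':12} pinned={d.pinned_version}")
    print("needs a lockfile for exact versions:", unpinned(extract_dependencies(SAMPLE_PYPROJECT)))
```

Running it lists six declarations, of which only `urllib3` and `pytest` carry an exact version; the other four come back from `unpinned()`, which is why a scanner working from pyproject.toml alone can report them at best as ranges.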

another-rex commented 1 week ago

I think this falls under #416. We already do support many python package managers that use pyproject.toml files, e.g. Poetry, PDM.