Open tonybaloney opened 2 years ago
Thanks for the feature request! We are going to give the community 60 days from when this issue was created to provide 7 👍 upvotes on the opening comment to gauge general interest in this idea. If there's enough upvotes then we will consider this feature request in our future planning. If there's unfortunately not enough upvotes then we will close this issue.
One of the pip-audit authors here: thanks for looking into integrating this so rapidly! We're excited to see editors and IDEs use our tool!
Thank you to everyone who upvoted this issue! Since the community showed interest in this feature request we will leave this issue open as something to consider implementing at some point in the future.
We do encourage people to continue 👍 the first/opening comment as it helps us prioritize our work based on what the community seems to want the most.
I'm looking for a solution to automatically scan the packages in my selected interpreter for a workspace and raise warning/log messages on the UI when there are security vulnerabilities.

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-db) via the PyPI JSON API as a source of vulnerability reports.

So far, the best I can come up with is a task to run pip-audit on the project, but this has to be configured per-project; there is no way I can find to have this for all projects with a configured interpreter. This required a module entry point for pip-audit, which is implemented but unreleased.

This feature doesn't really fit into the linter integrations, as it's not specific to the current file.

Expectations:
- pip-audit not required, if other solutions are available
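As an added example (not code from the issue or from the pip-audit project), this is how an editor extension could drive pip-audit through the selected interpreter's module entry point and turn its JSON report into warnings. It assumes `python -m pip_audit --format json --local` is available on that interpreter and that the report uses the `dependencies`/`vulns`/`fix_versions` keys; the sample report at the bottom is constructed, not real tool output.

```python
import json
import subprocess
from typing import Dict, List

# Report keys assumed from pip-audit's JSON output; unknown keys are ignored.
def parse_report(report_json: str) -> List[Dict[str, str]]:
    """Turn a pip-audit JSON report into one warning per vulnerability."""
    report = json.loads(report_json)
    warnings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            fixes = vuln.get("fix_versions") or []
            fix_hint = f"upgrade to {', '.join(fixes)}" if fixes else "no fixed version published"
            warnings.append({
                "package": dep["name"],
                "version": dep["version"],
                "id": vuln["id"],
                "message": f"{dep['name']} {dep['version']}: {vuln['id']} ({fix_hint})",
            })
    return warnings

def audit_interpreter(python_path: str) -> List[Dict[str, str]]:
    """Audit the given interpreter's own site-packages, with no per-project task.

    pip-audit exits 0 when clean and 1 when vulnerabilities were found; any
    other code means the audit itself failed (tool missing, no network, ...).
    """
    proc = subprocess.run(
        [python_path, "-m", "pip_audit", "--format", "json", "--local"],
        capture_output=True, text=True,
    )
    if proc.returncode not in (0, 1):
        raise RuntimeError(f"pip-audit failed ({proc.returncode}): {proc.stderr.strip()}")
    return parse_report(proc.stdout)

# Constructed sample report (placeholder ids, not real advisories) for a dry run.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"name": "examplepkg", "version": "1.0.0", "vulns": [
            {"id": "PYSEC-0000-EXAMPLE", "fix_versions": ["1.0.1"], "aliases": [], "description": "placeholder"}]},
        {"name": "cleanpkg", "version": "2.3.4", "vulns": []},
    ],
    "fixes": [],
})

if __name__ == "__main__":
    for w in parse_report(SAMPLE_REPORT):
        print("WARNING:", w["message"])
```

In an extension, `audit_interpreter` would be called with the workspace's selected interpreter path and each returned dict surfaced as a UI warning.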