pantsbuild / pants

The Pants Build System
https://www.pantsbuild.org
Apache License 2.0

Add vulnerability audit support using `pip-audit` #13770

Open chrisjrn opened 2 years ago

chrisjrn commented 2 years ago

Today, the pip-audit tool was released on PyPI. It's a Python tool that uses the Python Packaging Advisory Database (or alternative databases) to check for known vulnerabilities in 3rd-party dependencies.

This would be a useful tool to be able to run against a Pants repo -- a new goal could scan for known vulnerabilities in dependency chains across multiple languages, as the tooling becomes available for those languages.
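As an added illustration of the check described in the post (this is not pip-audit's code and not part of the Pants project), the following script shows the core of what a dependency vulnerability audit does: match each pinned third-party package against advisories expressed as introduced/fixed version ranges, and report the affected pins together with the first fixed version. The advisory records, their `PYSEC-EXAMPLE-*` identifiers and the `acme-*` package names are constructed sample data; a real audit fetches advisories from the Python Packaging Advisory Database (or another source) at run time and uses full PEP 440 version parsing.

```python
"""Offline sketch of the check a dependency vulnerability audit performs.

Added illustration: this is not pip-audit's code and not part of Pants.
The advisory records and the pinned requirements below are constructed
sample data with placeholder identifiers; a real audit fetches advisories
from the Python Packaging Advisory Database (or another source) at run time.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse a plain dotted release version such as '2.25.1' into a tuple.

    Only numeric dotted releases are handled here; pre-release and local
    version tags are out of scope (a real audit uses PEP 440 parsing).
    Trailing zeros are dropped so that '2.0' and '2.0.0' compare equal.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    while len(parts) > 1 and parts[-1] == 0:
        parts = parts[:-1]
    return parts


@dataclass(frozen=True)
class Advisory:
    """One advisory, modelled on the introduced/fixed range style of OSV records."""
    id: str
    package: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive); "" means no fix yet
    summary: str

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        if v < parse_version(self.introduced):
            return False
        if self.fixed and v >= parse_version(self.fixed):
            return False
        return True


def parse_pins(requirements: str) -> Dict[str, str]:
    """Return {normalised_name: version} for a pinned requirements listing.

    Unpinned lines are rejected: an audit can only match advisories against
    a concrete resolved version, which is why it should run over resolved
    pins rather than loose specifiers.
    """
    pins: Dict[str, str] = {}
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"cannot audit an unpinned requirement: {line!r}")
        name, version = (s.strip() for s in line.split("==", 1))
        pins[name.lower().replace("_", "-")] = version
    return pins


def audit(pins: Dict[str, str], advisories: List[Advisory]) -> List[Tuple[str, str, Advisory]]:
    """Match every pinned package against every advisory for that package."""
    findings = []
    for adv in advisories:
        version = pins.get(adv.package)
        if version is not None and adv.affects(version):
            findings.append((adv.package, version, adv))
    return findings


# Constructed sample advisories; the ids and package names are placeholders.
SAMPLE_ADVISORIES = [
    Advisory("PYSEC-EXAMPLE-0001", "acme-http", "2.0", "2.3.1",
             "constructed example advisory, fixed in 2.3.1"),
    Advisory("PYSEC-EXAMPLE-0002", "acme-auth", "1.0", "",
             "constructed example advisory, no fix released"),
    Advisory("PYSEC-EXAMPLE-0003", "acme-yaml", "0", "5.4",
             "constructed example advisory, fixed in 5.4"),
]

# Constructed sample of a resolved third-party lockfile.
SAMPLE_REQUIREMENTS = """
acme-http==2.2.0   # inside the affected range of PYSEC-EXAMPLE-0001
acme-auth==1.2     # affected, and no fixed version exists yet
acme-yaml==5.4     # exactly the first fixed version: not affected
acme-json==1.0.0   # no advisories at all
"""


def run_sample() -> List[Tuple[str, str, Advisory]]:
    return audit(parse_pins(SAMPLE_REQUIREMENTS), SAMPLE_ADVISORIES)


if __name__ == "__main__":
    for package, version, adv in run_sample():
        remedy = f"upgrade to >= {adv.fixed}" if adv.fixed else "no fixed release yet"
        print(f"{package}=={version}: {adv.id} ({adv.summary}); {remedy}")
```

Two details matter for a goal like the one proposed: the audit has to run over resolved pins (an unpinned requirement is rejected above rather than guessed at), and a pin sitting exactly on the first fixed version is clean, so off-by-one handling of the range boundary decides whether a report is noise or a miss.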

Eric-Arellano commented 2 years ago

Seems like this can fit into `check` (not `lint`). Probably run directly on `python_requirement` targets so you can do something like `./pants check 3rdparty/python::`