pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License

Supporting multiple requirements per package #458

Closed yeisonvargasf closed 1 year ago

yeisonvargasf commented 1 year ago

We are switching to checking by requirements; with this new way of detecting vulnerabilities, we solve the following issues:

- #320
- #299

This change also means that Safety suggests remediations, applies security fixes and makes GitHub issues and PRs depending on the requirements; our JSON report now has all the data related to the requirements detected per package. In the case of environment checking, we are building the requirement depending on the context.
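To make the move from per-package to per-requirement checking concrete, here is an added example that is not Safety's own code: it parses pinned requirement lines, matches each line separately against a constructed advisory table, and therefore reports both Django pins with their own advisory, where a per-package check would have evaluated a single version. The regexes, the advisory ids and the requirement lines are all constructed for this illustration.

```python
import operator
import re
# Constructed sample vulnerability data: package -> [(advisory id, affected versions)].
VULN_DB = {
    "django": [("CONSTRUCTED-ADV-1", "<2.2.28"), ("CONSTRUCTED-ADV-2", ">=3.0,<3.2.13")],
}
# Constructed requirements file: the same package pinned twice under different markers.
REQUIREMENTS = [
    'django==2.2.10 ; python_version < "3.8"',
    'django==3.2.12 ; python_version >= "3.8"',
    "requests>=2.0  # unpinned: no single version to evaluate",
]
# name==version, optionally followed by an environment marker after ';'.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9.]*)\s*(?:;\s*(.*))?$")
CLAUSE_RE = re.compile(r"^(<=|>=|==|!=|<|>)\s*([0-9][0-9.]*)$")
OPS = {"<": operator.lt, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">": operator.gt, ">=": operator.ge}

def parse_version(v, width=4):
    """Numeric release tuple, zero-padded so '2.2' and '2.2.0' compare equal."""
    parts = [int(p) for p in v.strip(".").split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def affected(version, spec):
    """True when `version` satisfies every comma-separated clause of `spec`."""
    for clause in spec.split(","):
        op, target = CLAUSE_RE.match(clause.strip()).groups()
        if not OPS[op](parse_version(version), parse_version(target)):
            return False
    return True

def check_requirements(lines, db=VULN_DB):
    """One finding per (requirement line, advisory) rather than one per package."""
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        m = PIN_RE.match(line)
        if not m:  # unpinned or unparsable: report it instead of guessing a version
            findings.append({"requirement": line, "status": "unpinned"})
            continue
        name, version, marker = m.group(1).lower().replace("_", "-"), m.group(2), m.group(3)
        for vuln_id, spec in db.get(name, []):
            if affected(version, spec):
                findings.append({"requirement": line, "package": name, "version": version,
                                 "marker": marker, "vuln_id": vuln_id, "affected": spec})
    return findings

if __name__ == "__main__":
    for finding in check_requirements(REQUIREMENTS):
        print(finding)
```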

codecov[bot] commented 1 year ago

Codecov Report

Base: 78.05% // Head: 78.21% // Increases project coverage by +0.16% :tada:

Coverage data is based on head (7728804) compared to base (1fe076c). Patch coverage: 84.15% of modified lines in pull request are covered.

Additional details and impacted files:

```diff
@@            Coverage Diff             @@
##           develop     #458      +/-   ##
===========================================
+ Coverage    78.05%   78.21%   +0.16%
===========================================
  Files           28       30       +2
  Lines         3796     4086     +290
===========================================
+ Hits          2963     3196     +233
- Misses         833      890      +57
```

| [Impacted Files](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio) | Coverage Δ | |
|---|---|---|
| [safety/alerts/github.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L2FsZXJ0cy9naXRodWIucHk=) | `12.18% <6.52%> (-0.20%)` | :arrow_down: |
| [safety/alerts/utils.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L2FsZXJ0cy91dGlscy5weQ==) | `43.63% <35.29%> (+16.83%)` | :arrow_up: |
| [safety/errors.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L2Vycm9ycy5weQ==) | `84.00% <83.33%> (-0.06%)` | :arrow_down: |
| [safety/safety.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L3NhZmV0eS5weQ==) | `78.12% <89.47%> (-1.05%)` | :arrow_down: |
| [safety/models.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L21vZGVscy5weQ==) | `93.03% <90.14%> (-2.62%)` | :arrow_down: |
| [safety/output_utils.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L291dHB1dF91dGlscy5weQ==) | `87.45% <91.66%> (-2.36%)` | :arrow_down: |
| [safety/cli.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L2NsaS5weQ==) | `87.44% <100.00%> (-0.41%)` | :arrow_down: |
| [safety/constants.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L2NvbnN0YW50cy5weQ==) | `100.00% <100.00%> (ø)` | |
| [safety/formatters/html.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L2Zvcm1hdHRlcnMvaHRtbC5weQ==) | `86.66% <100.00%> (-6.89%)` | :arrow_down: |
| [safety/formatters/json.py](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio#diff-c2FmZXR5L2Zvcm1hdHRlcnMvanNvbi5weQ==) | `95.45% <100.00%> (+0.06%)` | :arrow_up: |
| ... and [15 more](https://codecov.io/gh/pyupio/safety/pull/458?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=pyupio) | | |
