Open Alex-ley-scrub opened 4 months ago
perhaps interestingly (or not) - this works - it scans my /Users/alex/miniconda/envs/py311/lib/python3.11/site-packages
rather than my pyproject.toml file but that is also pretty ideal:
uv pip uninstall safety
uv pip uninstall dparse
uv pip install safety==2.3.5
safety check
Safety v2.3.5 is scanning for Vulnerabilities...
Scanning dependencies in your environment:
-> /Users/alex/miniconda/envs/py311/lib/python3.11/site-packages
this also works but scans even more stuff:
uv pip uninstall safety
uv pip uninstall dparse
uv pip install safety==3.0.1 --prerelease=allow
safety check
Safety v3.0.1 is scanning for Vulnerabilities...
Scanning dependencies in your environment:
-> /Users/alex/miniconda/envs/py311/bin
-> /Users/alex/miniconda/envs/py311/lib/python311.zip
-> /Users/alex/miniconda/envs/py311/lib/python3.11/lib-dynload
-> /Users/alex/miniconda/envs/py311/lib/python3.11
-> /Users/alex/repos/Backend
-> /Users/alex/miniconda/envs/py311/lib/python3.11/site-packages
Is this safety check a better command for me to run than safety scan for my use case (scanning my repo env dependencies)?
safety, version 3.0.1
py39, py310, py311 (same on all)
MacOS Sonoma 14.3.1 (MacBook Pro M1)
Description
safety scan
out of the box on my local repo dev environment
uv pip compile pyproject.toml -o requirements.txt
and then
safety scan
it did work (workaround I will use for now)
safety scan
or does it not support pyproject.toml or is it a bug?
What I Did