saradiaz / appsec-toolbelt

A few basic dos, don'ts, and shoulds of secure application development

Alternatives for safety dep checker for python? #6

Open kishaningithub opened 2 years ago

kishaningithub commented 2 years ago

Doc link - https://github.com/saradiaz/appsec-toolbelt/blob/master/Python/dependency-check.md

If you see safety's readme it states

By default it uses the open Python vulnerability database Safety DB, which is licensed for non-commercial use only. For all commercial projects, Safety must be upgraded to use a PyUp API using the --key option.

Is there an alternative for safety which is open source and free to use for commercial projects?

kishaningithub commented 2 years ago

This tool looks very promising

https://github.com/pypa/pip-audit

Can you also include this in the doc?
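As an added example, not from this thread, the appsec-toolbelt doc, or pip-audit itself: a small CI gate that reads the output of `pip-audit -r requirements.txt -f json` and fails the build on any finding that is not on an explicit waiver list. The JSON shape it parses (a top-level "dependencies" list, each entry with "name", "version" and a "vulns" list carrying "id", "aliases" and "fix_versions") is assumed from pip-audit's JSON format; the package names and advisory IDs in the embedded sample are constructed placeholders, not real advisories.

```python
from __future__ import annotations

import json
import sys
from dataclasses import dataclass

# Constructed sample of `pip-audit -r requirements.txt -f json` output.
# The shape is assumed from pip-audit's JSON format; every package name,
# version and advisory ID below is a made-up placeholder for illustration.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"name": "examplepkg", "version": "1.0.0",
         "vulns": [{"id": "PYSEC-EXAMPLE-0001",
                    "fix_versions": ["1.0.1"],
                    "aliases": ["EXAMPLE-ALIAS-0001"],
                    "description": "constructed advisory with a fix"}]},
        {"name": "otherpkg", "version": "2.3.4", "vulns": []},
        {"name": "thirdpkg", "version": "0.9.0",
         "vulns": [{"id": "PYSEC-EXAMPLE-0002",
                    "fix_versions": [],
                    "aliases": [],
                    "description": "constructed advisory with no fix yet"}]},
    ],
    "fixes": [],
})


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    vuln_id: str
    aliases: tuple[str, ...]
    fix_versions: tuple[str, ...]


def parse_report(report_json: str) -> list[Finding]:
    """Flatten a pip-audit JSON report into one Finding per (package, advisory)."""
    data = json.loads(report_json)
    # Assumption: older pip-audit releases emitted a bare list of dependencies,
    # newer ones wrap it as {"dependencies": [...], "fixes": [...]}; accept both.
    deps = data["dependencies"] if isinstance(data, dict) else data
    findings: list[Finding] = []
    for dep in deps:
        for vuln in dep.get("vulns", []):
            findings.append(Finding(
                package=dep["name"],
                version=dep["version"],
                vuln_id=vuln["id"],
                aliases=tuple(vuln.get("aliases", [])),
                fix_versions=tuple(vuln.get("fix_versions", [])),
            ))
    return findings


def gate(findings: list[Finding],
         waivers: frozenset[str] = frozenset()) -> tuple[list[Finding], list[Finding]]:
    """Split findings into (blocking, waived).

    A finding is waived only if its primary ID or one of its aliases is on the
    waiver list, so a waiver written against one naming scheme still matches
    when the scanner reports the same advisory under another identifier.
    """
    blocking: list[Finding] = []
    waived: list[Finding] = []
    for f in findings:
        known_ids = {f.vuln_id, *f.aliases}
        (waived if known_ids & waivers else blocking).append(f)
    return blocking, waived


def render(blocking: list[Finding], waived: list[Finding]) -> str:
    """Human-readable summary; a finding with no fix_versions is called out explicitly."""
    lines = []
    for f in blocking:
        fix = ", ".join(f.fix_versions) or "no fixed version published"
        lines.append(f"FAIL   {f.package}=={f.version}: {f.vuln_id} (fix: {fix})")
    for f in waived:
        lines.append(f"WAIVED {f.package}=={f.version}: {f.vuln_id}")
    lines.append(f"{len(blocking)} blocking, {len(waived)} waived")
    return "\n".join(lines)


def exit_code(blocking: list[Finding]) -> int:
    """Non-zero when anything blocking remains, so CI fails the job."""
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage in CI:  pip-audit -r requirements.txt -f json | python gate.py -
    # Waiver IDs are taken from the remaining argv; with no "-" the sample is used.
    args = sys.argv[1:]
    raw = sys.stdin.read() if args and args[0] == "-" else SAMPLE_REPORT
    waiver_ids = frozenset(args[1:] if args and args[0] == "-" else args)
    blocking_findings, waived_findings = gate(parse_report(raw), waiver_ids)
    print(render(blocking_findings, waived_findings))
    sys.exit(exit_code(blocking_findings))
```

pip-audit already exits non-zero on its own when it finds anything, so the script's value is the alias-aware waiver list and the explicit "no fixed version published" line, which is the case a reviewer has to make a decision on rather than just bump a pin. Waivers should live in version control next to the requirements file with a justification and an expiry, not in a CI variable.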