Closed rofrano closed 1 year ago
Sorry to have opened this so quickly. It dawned on me that I installed jake globally and expected it to work in a virtual environment. When I installed it in the virtual environment instead, it correctly only saw the virtual environment and reported on Flask 1.1.4.
It might be good to mention this in the documentation. I'm closing this as solved.
Describe the bug
I'm trying to scan for vulnerabilities in the dependencies of my Python application, which runs in a Python virtual environment. Unfortunately, Jake is scanning the 210 Python packages installed on the server my application is running on, which is not the environment that my application is running in. So it is reporting on packages my application can't even see.
Can you make it so that Jake will only scan the packages returned by pip freeze? Or allow us to specify the folder of our virtual environment so that it only scans the packages in there?
To Reproduce
Steps to reproduce the behavior:
Install a global Python package:
Create a virtual environment and install Flask 1.1.4
Run flask --version to check that you are running Flask 1.1.4
Run jake ddt and notice it reports on Flask 2.2.2 and not 1.1.4
Report details:
Expected behavior
I expect Jake to show the vulnerabilities in my active virtual environment which is Flask 1.1.4 but instead it shows the vulnerabilities in Flask 2.2.2 which isn't installed in my virtual environment and can't be used by my application running in that virtual environment.
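The behaviour requested above, reading the package list of one named virtual environment no matter which interpreter the scanner is installed in, can be sketched with the standard library. This is an added example, not Jake's code and not part of the original issue; the function names are hypothetical, and it assumes the usual venv layout (pyvenv.cfg plus a site-packages directory).

```python
"""List the packages installed inside one virtual environment directory."""
import sys
from importlib import metadata
from pathlib import Path


def venv_site_packages(venv_dir):
    """Return the site-packages directories that belong to venv_dir."""
    venv = Path(venv_dir)
    # pyvenv.cfg is the marker file of a virtual environment (PEP 405).
    if not (venv / "pyvenv.cfg").is_file():
        raise ValueError(f"{venv} is not a virtual environment (no pyvenv.cfg)")
    # POSIX layout: lib/pythonX.Y/site-packages; Windows: Lib/site-packages.
    found = list(venv.glob("lib/python*/site-packages"))
    windows = venv / "Lib" / "site-packages"
    if windows.is_dir():
        found.append(windows)
    if not found:
        raise ValueError(f"no site-packages directory under {venv}")
    return sorted({str(p) for p in found})


def venv_packages(venv_dir):
    """Map normalised package name -> version for what is installed in venv_dir."""
    packages = {}
    # path= restricts the search to these directories instead of sys.path,
    # so packages of the interpreter running this script are never included.
    for dist in metadata.distributions(path=venv_site_packages(venv_dir)):
        name = dist.metadata["Name"]
        if name:
            packages[name.lower().replace("_", "-")] = dist.version
    return packages


def scanner_sees_venv(venv_dir):
    """True when the running interpreter is the one that belongs to venv_dir."""
    return Path(sys.prefix).resolve() == Path(venv_dir).resolve()


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else sys.prefix
    if not scanner_sees_venv(target):
        print(f"# note: this interpreter ({sys.prefix}) is not {target}")
    try:
        for pkg, version in sorted(venv_packages(target).items()):
            print(f"{pkg}=={version}")
    except ValueError as err:
        print(f"error: {err}")
```

Run it with the path of the virtual environment as the only argument; the output has the same name==version form as pip freeze.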