You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-database) via the PyPI JSON API as a source of vulnerability reports.
Thanks!
The text was updated successfully, but these errors were encountered:
Hey @asmith26, we sure are discussing this. It would be best for integration purposes if someone (most likely a company) comes to help us with this in the form of an integration partner, as these features are hard to build without proper third-party testing and validation.
If this is something you could help with please let us know!
That said, with conda-forge/pixi we do have the ability to do this very well as we know where and how things are build (conda-forge) and the lock-file describes the packages extremely detailed. So this is not an unsolvable problem. An SBOM is just an extra step in the generation process.
Problem description
Hi,
Just wondering if there any tools for pixi that work like
pip-audit
, or if there are plans to integrate such a tool directly into pixi?For reference (from https://pypi.org/project/pip-audit/):
Thanks!
The text was updated successfully, but these errors were encountered: