Pip-audit: Google-backed tool probes Python environments for vulnerable packages


With Google’s assistance, a tool that scans Python environments for packages with known vulnerabilities has been released.

‘Pip-audit’ uses the PyPI JSON API to compare dependencies to the Python Packaging Advisory Database – a repository of security advisories that gets a lot of its data from the NVD CVE feed. Users can also check dependencies against the Open Source Vulnerabilities (OSV) database.
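The lookup described above can be followed in the added example below, which is not pip-audit's own code: it reads the `vulnerabilities` list that the PyPI JSON API returns for a pinned release and reports each live advisory with the nearest fixed version. The package names, advisory IDs, versions and the `fetch` hook are constructed placeholders so the example runs offline.

```python
import json

# Constructed stand-ins for the body of GET https://pypi.org/pypi/<name>/<version>/json
# (package names, advisory IDs and versions are placeholders, not real advisories).
SAMPLE_RESPONSES = {
    ("examplepkg", "1.4.0"): json.dumps({
        "info": {"name": "examplepkg", "version": "1.4.0"},
        "vulnerabilities": [
            {"id": "PYSEC-0000-1", "aliases": ["CVE-0000-0001"],
             "fixed_in": ["1.4.2", "2.0.1"], "withdrawn": None},
            {"id": "PYSEC-0000-2", "aliases": [],
             "fixed_in": ["1.3.9"], "withdrawn": "2000-01-01T00:00:00Z"},
        ],
    }),
    ("otherpkg", "3.1.0"): json.dumps(
        {"info": {"name": "otherpkg", "version": "3.1.0"}, "vulnerabilities": []}),
}

def parse_pins(requirements_text):
    """Return (name, version) for every exactly pinned 'name==version' line."""
    pins = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if "==" in line:
            name, version = line.split("==", 1)
            pins.append((name.strip().lower(), version.strip()))
    return pins

def vtuple(version):
    # Simplification: plain dotted numeric versions only (no PEP 440 pre/post releases).
    return tuple(int(part) for part in version.split("."))

def audit(requirements_text, fetch):
    """fetch(name, version) -> JSON text; returns one finding per live advisory."""
    findings = []
    for name, version in parse_pins(requirements_text):
        body = json.loads(fetch(name, version))
        for vuln in body.get("vulnerabilities", []):
            if vuln.get("withdrawn"):
                continue  # this example skips advisories marked as withdrawn
            newer = sorted((v for v in vuln["fixed_in"] if vtuple(v) > vtuple(version)),
                           key=vtuple)
            findings.append({"package": name, "installed": version, "id": vuln["id"],
                             "aliases": vuln["aliases"],
                             "upgrade_to": newer[0] if newer else None})
    return findings

def sample_fetch(name, version):
    """Hypothetical offline fetcher; a live one would request the URL shown above."""
    return SAMPLE_RESPONSES[(name, version)]
```
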
