pysentry-rs 0.1.5__tar.gz → 0.2.0__tar.gz

{pysentry_rs-0.1.5 → pysentry_rs-0.2.0}/Cargo.lock

@@ -1067,7 +1067,7 @@ dependencies = [
 
 [[package]]
 name = "pysentry"
-version = "0.1.5"
+version = "0.2.0"
 dependencies = [
  "anyhow",
  "async-trait",

{pysentry_rs-0.1.5 → pysentry_rs-0.2.0}/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "pysentry"
-version = "0.1.5"
+version = "0.2.0"
 edition = "2021"
 rust-version = "1.79"
 description = "Security vulnerability auditing for Python packages"

{pysentry_rs-0.1.5 → pysentry_rs-0.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pysentry-rs
-Version: 0.1.5
+Version: 0.2.0
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -32,11 +32,11 @@ A fast, reliable security vulnerability scanner for Python projects, written in
 
 ## Overview
 
-PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
+PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `poetry.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
 
 ## Key Features
 
-- **Multiple Project Formats**: Supports `uv.lock`, `pyproject.toml`, and `requirements.txt` files
+- **Multiple Project Formats**: Supports `uv.lock`, `poetry.lock`, `pyproject.toml`, and `requirements.txt` files
 - **External Resolver Integration**: Leverages `uv` and `pip-tools` for accurate requirements.txt constraint solving
 - **Multiple Data Sources**:
   - PyPA Advisory Database (default)
@@ -49,7 +49,7 @@ PySentry audits Python projects for known security vulnerabilities by analyzing
   - Intelligent caching system
 - **Comprehensive Filtering**:
   - Severity levels (low, medium, high, critical)
-  - Dependency types (production, development, optional)
+  - Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies)
   - Direct vs. transitive dependencies
 - **Enterprise Ready**: SARIF output for IDE/CI integration
 
@@ -174,7 +174,7 @@ pip install pip-tools
   ```
 - Alternatively, install resolvers globally for system-wide availability
 
-**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `pyproject.toml` files can be scanned.
+**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `poetry.lock` files can be scanned.
 
 ## Quick Start
 
@@ -189,15 +189,15 @@ uvx pysentry-rs /path/to/python/project
 pysentry
 pysentry /path/to/python/project
 
-# Scan requirements.txt (auto-detects resolver)
+# Automatically detects project type (uv.lock, poetry.lock, pyproject.toml, requirements.txt)
 pysentry /path/to/project
 
 # Force specific resolver
 pysentry --resolver uv /path/to/project
 pysentry --resolver pip-tools /path/to/project
 
-# Include development dependencies
-pysentry --dev
+# Include all dependencies (main + dev + optional)
+pysentry --all
 
 # Filter by severity (only show high and critical)
 pysentry --severity high
@@ -210,13 +210,13 @@ pysentry --format json --output audit-results.json
 
 ```bash
 # Using uvx for comprehensive audit
-uvx pysentry-rs --dev --optional --format sarif --output security-report.sarif
+uvx pysentry-rs --all --format sarif --output security-report.sarif
 
 # Check only direct dependencies using OSV database
 uvx pysentry-rs --direct-only --source osv
 
 # Or with installed binary
-pysentry --dev --optional --format sarif --output security-report.sarif
+pysentry --all --format sarif --output security-report.sarif
 pysentry --direct-only --source osv
 
 # Ignore specific vulnerabilities
@@ -255,8 +255,7 @@ pysentry --verbose --resolver uv /path/to/project
 | `--format`       | Output format: `human`, `json`, `sarif`               | `human`             |
 | `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
 | `--source`       | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
-| `--dev`          | Include development dependencies                      | `false`             |
-| `--optional`     | Include optional dependencies                         | `false`             |
+| `--all`          | Include all dependencies (main + dev + optional)      | `false`             |
 | `--direct-only`  | Check only direct dependencies                        | `false`             |
 | `--ignore`       | Vulnerability IDs to ignore (repeatable)              | `[]`                |
 | `--output`       | Output file path                                      | `stdout`            |
@@ -293,6 +292,23 @@ PySentry has support for `uv.lock` files:
 - Source tracking
 - Dependency classification (main, dev, optional) including transitive dependencies
 
+### poetry.lock Files
+
+Full support for Poetry lock files:
+
+- **Exact Version Resolution**: Scans exact dependency versions locked by Poetry
+- **Lock-File Only Analysis**: Relies purely on the lock file structure, no pyproject.toml parsing needed
+- **Complete Dependency Tree**: Analyzes all resolved dependencies including transitive ones
+- **Dependency Classification**: Distinguishes between main dependencies and optional groups (dev, test, etc.)
+- **Source Tracking**: Supports PyPI registry, Git repositories, local paths, and direct URLs
+
+**Key Features:**
+
+- No external tools required
+- Fast parsing with exact version information
+- Handles Poetry's dependency groups and optional dependencies
+- Perfect for Poetry-managed projects with established lock files
+
 ### requirements.txt Files (External Resolution)
 
 Advanced support for `requirements.txt` files using external dependency resolvers:
@@ -447,7 +463,7 @@ src/
 
 ```bash
 # Ensure you're in a Python project directory
-ls pyproject.toml uv.lock requirements.txt
+ls pyproject.toml uv.lock poetry.lock requirements.txt
 
 # Or specify the path explicitly
 pysentry /path/to/python/project
@@ -524,7 +540,7 @@ pysentry /path/to/python/project
 pysentry --requirements requirements-dev.txt --requirements requirements-test.txt
 
 # Check if higher-priority files exist (they take precedence)
-ls uv.lock pyproject.toml
+ls uv.lock poetry.lock pyproject.toml
 ```
 
 **Performance Issues**

{pysentry_rs-0.1.5 → pysentry_rs-0.2.0}/README.md

@@ -6,11 +6,11 @@ A fast, reliable security vulnerability scanner for Python projects, written in
 
 ## Overview
 
-PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
+PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (`uv.lock`, `poetry.lock`, `pyproject.toml`, `requirements.txt`) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
 
 ## Key Features
 
-- **Multiple Project Formats**: Supports `uv.lock`, `pyproject.toml`, and `requirements.txt` files
+- **Multiple Project Formats**: Supports `uv.lock`, `poetry.lock`, `pyproject.toml`, and `requirements.txt` files
 - **External Resolver Integration**: Leverages `uv` and `pip-tools` for accurate requirements.txt constraint solving
 - **Multiple Data Sources**:
   - PyPA Advisory Database (default)
@@ -23,7 +23,7 @@ PySentry audits Python projects for known security vulnerabilities by analyzing
   - Intelligent caching system
 - **Comprehensive Filtering**:
   - Severity levels (low, medium, high, critical)
-  - Dependency types (production, development, optional)
+  - Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies)
   - Direct vs. transitive dependencies
 - **Enterprise Ready**: SARIF output for IDE/CI integration
 
@@ -148,7 +148,7 @@ pip install pip-tools
   ```
 - Alternatively, install resolvers globally for system-wide availability
 
-**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `pyproject.toml` files can be scanned.
+**Auto-detection:** PySentry automatically detects and prefers: `uv` > `pip-tools`. Without a resolver, only `uv.lock` and `poetry.lock` files can be scanned.
 
 ## Quick Start
 
@@ -163,15 +163,15 @@ uvx pysentry-rs /path/to/python/project
 pysentry
 pysentry /path/to/python/project
 
-# Scan requirements.txt (auto-detects resolver)
+# Automatically detects project type (uv.lock, poetry.lock, pyproject.toml, requirements.txt)
 pysentry /path/to/project
 
 # Force specific resolver
 pysentry --resolver uv /path/to/project
 pysentry --resolver pip-tools /path/to/project
 
-# Include development dependencies
-pysentry --dev
+# Include all dependencies (main + dev + optional)
+pysentry --all
 
 # Filter by severity (only show high and critical)
 pysentry --severity high
@@ -184,13 +184,13 @@ pysentry --format json --output audit-results.json
 
 ```bash
 # Using uvx for comprehensive audit
-uvx pysentry-rs --dev --optional --format sarif --output security-report.sarif
+uvx pysentry-rs --all --format sarif --output security-report.sarif
 
 # Check only direct dependencies using OSV database
 uvx pysentry-rs --direct-only --source osv
 
 # Or with installed binary
-pysentry --dev --optional --format sarif --output security-report.sarif
+pysentry --all --format sarif --output security-report.sarif
 pysentry --direct-only --source osv
 
 # Ignore specific vulnerabilities
@@ -229,8 +229,7 @@ pysentry --verbose --resolver uv /path/to/project
 | `--format`       | Output format: `human`, `json`, `sarif`               | `human`             |
 | `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
 | `--source`       | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
-| `--dev`          | Include development dependencies                      | `false`             |
-| `--optional`     | Include optional dependencies                         | `false`             |
+| `--all`          | Include all dependencies (main + dev + optional)      | `false`             |
 | `--direct-only`  | Check only direct dependencies                        | `false`             |
 | `--ignore`       | Vulnerability IDs to ignore (repeatable)              | `[]`                |
 | `--output`       | Output file path                                      | `stdout`            |
@@ -267,6 +266,23 @@ PySentry has support for `uv.lock` files:
 - Source tracking
 - Dependency classification (main, dev, optional) including transitive dependencies
 
+### poetry.lock Files
+
+Full support for Poetry lock files:
+
+- **Exact Version Resolution**: Scans exact dependency versions locked by Poetry
+- **Lock-File Only Analysis**: Relies purely on the lock file structure, no pyproject.toml parsing needed
+- **Complete Dependency Tree**: Analyzes all resolved dependencies including transitive ones
+- **Dependency Classification**: Distinguishes between main dependencies and optional groups (dev, test, etc.)
+- **Source Tracking**: Supports PyPI registry, Git repositories, local paths, and direct URLs
+
+**Key Features:**
+
+- No external tools required
+- Fast parsing with exact version information
+- Handles Poetry's dependency groups and optional dependencies
+- Perfect for Poetry-managed projects with established lock files
+
 ### requirements.txt Files (External Resolution)
 
 Advanced support for `requirements.txt` files using external dependency resolvers:
@@ -421,7 +437,7 @@ src/
 
 ```bash
 # Ensure you're in a Python project directory
-ls pyproject.toml uv.lock requirements.txt
+ls pyproject.toml uv.lock poetry.lock requirements.txt
 
 # Or specify the path explicitly
 pysentry /path/to/python/project
@@ -498,7 +514,7 @@ pysentry /path/to/python/project
 pysentry --requirements requirements-dev.txt --requirements requirements-test.txt
 
 # Check if higher-priority files exist (they take precedence)
-ls uv.lock pyproject.toml
+ls uv.lock poetry.lock pyproject.toml
 ```
 
 **Performance Issues**

pysentry_rs-0.2.0/python/pysentry/__init__.py

@@ -0,0 +1,187 @@
+"""pysentry: Security vulnerability auditing tool for Python packages."""
+
+from ._internal import audit_python, audit_with_options, check_resolvers, check_version
+
+__version__ = "0.2.0"
+__all__ = [
+    "audit_python",
+    "audit_with_options",
+    "check_resolvers",
+    "check_version",
+    "main",
+]
+
+
+def main():
+    """CLI entry point."""
+    import sys
+    import argparse
+
+    # Handle subcommands manually to match Rust CLI structure exactly
+    if len(sys.argv) > 1:
+        if sys.argv[1] == "resolvers":
+            # Resolvers subcommand
+            parser = argparse.ArgumentParser(
+                prog="pysentry resolvers",
+                description="Check available dependency resolvers",
+            )
+            parser.add_argument(
+                "-v", "--verbose", action="store_true", help="Enable verbose output"
+            )
+
+            args = parser.parse_args(sys.argv[2:])
+            try:
+                result = check_resolvers(args.verbose)
+                print(result)
+            except Exception as e:
+                print(f"Error: {e}", file=sys.stderr)
+                sys.exit(1)
+            return
+
+        elif sys.argv[1] == "check-version":
+            # Check-version subcommand
+            parser = argparse.ArgumentParser(
+                prog="pysentry-rs check-version",
+                description="Check if a newer version is available",
+            )
+            parser.add_argument(
+                "-v", "--verbose", action="store_true", help="Enable verbose output"
+            )
+
+            args = parser.parse_args(sys.argv[2:])
+            try:
+                result = check_version(args.verbose)
+                print(result)
+            except Exception as e:
+                print(f"Error: {e}", file=sys.stderr)
+                sys.exit(1)
+            return
+        elif sys.argv[1] in ["-h", "--help"]:
+            # Show main help
+            pass
+        elif sys.argv[1] in ["-V", "--version"]:
+            print(f"pysentry-rs {__version__}")
+            return
+
+    # Main parser for audit command (default) and help
+    parser = argparse.ArgumentParser(
+        prog="pysentry-rs",
+        description="Security vulnerability auditing for Python packages",
+        usage="pysentry-rs [OPTIONS] [PATH] [COMMAND]",
+    )
+
+    # Add version argument
+    parser.add_argument(
+        "-V", "--version", action="version", version=f"pysentry-rs {__version__}"
+    )
+
+    # Main audit arguments
+    parser.add_argument(
+        "path",
+        nargs="?",
+        default=".",
+        metavar="PATH",
+        help="Path to the project directory to audit [default: .]",
+    )
+    parser.add_argument(
+        "--format",
+        choices=["human", "json", "sarif"],
+        default="human",
+        help="Output format [default: human] [possible values: human, json, sarif]",
+    )
+    parser.add_argument(
+        "--severity",
+        choices=["low", "medium", "high", "critical"],
+        default="low",
+        help="Minimum severity level to report [default: low] [possible values: low, medium, high, critical]",
+    )
+    parser.add_argument(
+        "--ignore",
+        action="append",
+        dest="ignore_ids",
+        metavar="ID",
+        help="Vulnerability IDs to ignore (can be specified multiple times)",
+    )
+    parser.add_argument(
+        "-o", "--output", metavar="FILE", help="Output file path (defaults to stdout)"
+    )
+    parser.add_argument(
+        "--all",
+        action="store_true",
+        help="Include ALL dependencies (main + dev, optional, etc)",
+    )
+    parser.add_argument(
+        "--direct-only",
+        action="store_true",
+        help="Only check direct dependencies (exclude transitive)",
+    )
+    parser.add_argument("--no-cache", action="store_true", help="Disable caching")
+    parser.add_argument("--cache-dir", metavar="DIR", help="Custom cache directory")
+    parser.add_argument(
+        "--source",
+        choices=["pypa", "pypi", "osv"],
+        default="pypa",
+        help="Vulnerability data source [default: pypa] [possible values: pypa, pypi, osv]",
+    )
+    parser.add_argument(
+        "--resolver",
+        choices=["uv", "pip-tools"],
+        default="uv",
+        help="Dependency resolver for requirements.txt files [default: uv] [possible values: uv, pip-tools]",
+    )
+    parser.add_argument(
+        "--requirements-files",
+        nargs="+",
+        metavar="FILE",
+        help="Specific requirements files to audit (disables auto-discovery)",
+    )
+    parser.add_argument(
+        "-v", "--verbose", action="store_true", help="Enable verbose output"
+    )
+    parser.add_argument(
+        "-q", "--quiet", action="store_true", help="Suppress non-error output"
+    )
+
+    # Add custom help text for commands
+    parser.epilog = """
+Commands:
+  resolvers      Check available dependency resolvers
+  check-version  Check if a newer version is available
+  help           Print this message or the help of the given subcommand(s)
+"""
+
+    args = parser.parse_args()
+
+    try:
+        # Main audit functionality - convert --all to dev/optional
+        dev = args.all
+        optional = args.all
+
+        result = audit_with_options(
+            path=args.path,
+            format=args.format,
+            source=args.source,
+            min_severity=args.severity,
+            ignore_ids=args.ignore_ids,
+            output=args.output,
+            dev=dev,
+            optional=optional,
+            direct_only=args.direct_only,
+            no_cache=args.no_cache,
+            cache_dir=args.cache_dir,
+            resolver=args.resolver,
+            requirements_files=args.requirements_files,
+            verbose=args.verbose,
+            quiet=args.quiet,
+        )
+
+        if not args.output:
+            print(result)
+
+    except Exception as e:
+        print(f"Error: {e}", file=sys.stderr)
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()