pysentry-rs 0.2.0__tar.gz → 0.2.1__tar.gz

pysentry_rs-0.2.1/.github/FUNDING.yml

@@ -0,0 +1 @@
+buy_me_a_coffee: nyudenkov

{pysentry_rs-0.2.0 → pysentry_rs-0.2.1}/.github/workflows/ci.yml

@@ -4,19 +4,21 @@ on:
   push:
     branches: [main]
     paths-ignore:
-      - '**.md'
-      - 'LICENSE'
-      - '.gitignore'
-      - '.editorconfig'
-      - '.github/dependabot.yml'
+      - "**.md"
+      - "LICENSE"
+      - ".gitignore"
+      - ".editorconfig"
+      - ".github/dependabot.yml"
+      - ".github/FUNDING.yml"
   pull_request:
     branches: [main]
     paths-ignore:
-      - '**.md'
-      - 'LICENSE'
-      - '.gitignore'
-      - '.editorconfig'
-      - '.github/dependabot.yml'
+      - "**.md"
+      - "LICENSE"
+      - ".gitignore"
+      - ".editorconfig"
+      - ".github/dependabot.yml"
+      - ".github/FUNDING.yml"
 
 env:
   CARGO_TERM_COLOR: always

{pysentry_rs-0.2.0 → pysentry_rs-0.2.1}/Cargo.lock

@@ -1067,7 +1067,7 @@ dependencies = [
 
 [[package]]
 name = "pysentry"
-version = "0.2.0"
+version = "0.2.1"
 dependencies = [
  "anyhow",
  "async-trait",

{pysentry_rs-0.2.0 → pysentry_rs-0.2.1}/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "pysentry"
-version = "0.2.0"
+version = "0.2.1"
 edition = "2021"
 rust-version = "1.79"
 description = "Security vulnerability auditing for Python packages"

{pysentry_rs-0.2.0 → pysentry_rs-0.2.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: pysentry-rs
-Version: 0.2.0
+Version: 0.2.1
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
 Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
@@ -26,6 +26,8 @@ Project-URL: Issues, https://github.com/nyudenkov/pysentry/issues
 
 # 🐍 PySentry
 
+[![OSV Integration](https://img.shields.io/badge/OSV-Integrated-blue)](https://google.github.io/osv.dev/)
+
 [Help to test and improve](https://github.com/nyudenkov/pysentry/issues/12)
 
 A fast, reliable security vulnerability scanner for Python projects, written in Rust.
@@ -42,7 +44,7 @@ PySentry audits Python projects for known security vulnerabilities by analyzing
   - PyPA Advisory Database (default)
   - PyPI JSON API
   - OSV.dev (Open Source Vulnerabilities)
-- **Flexible Output**: Human-readable, JSON, and SARIF formats
+- **Flexible Output for different workflows**: Human-readable, JSON, SARIF, and Markdown formats
 - **Performance Focused**:
   - Written in Rust for speed
   - Async/concurrent processing
@@ -197,7 +199,7 @@ pysentry --resolver uv /path/to/project
 pysentry --resolver pip-tools /path/to/project
 
 # Include all dependencies (main + dev + optional)
-pysentry --all
+pysentry --all-extras
 
 # Filter by severity (only show high and critical)
 pysentry --severity high
@@ -210,14 +212,22 @@ pysentry --format json --output audit-results.json
 
 ```bash
 # Using uvx for comprehensive audit
-uvx pysentry-rs --all --format sarif --output security-report.sarif
+uvx pysentry-rs --all-extras --format sarif --output security-report.sarif
+
+# Check multiple vulnerability sources concurrently
+uvx pysentry-rs --sources pypa,osv,pypi /path/to/project
+uvx pysentry-rs --sources pypa --sources osv --sources pypi
 
-# Check only direct dependencies using OSV database
-uvx pysentry-rs --direct-only --source osv
+# Generate markdown report
+uvx pysentry-rs --format markdown --output security-report.md
+
+# Control CI exit codes - only fail on critical vulnerabilities
+uvx pysentry-rs --fail-on critical
 
 # Or with installed binary
-pysentry --all --format sarif --output security-report.sarif
-pysentry --direct-only --source osv
+pysentry --all-extras --format sarif --output security-report.sarif
+pysentry --sources pypa,osv --direct-only
+pysentry --format markdown --output security-report.md
 
 # Ignore specific vulnerabilities
 pysentry --ignore CVE-2023-12345 --ignore GHSA-xxxx-yyyy-zzzz
@@ -246,25 +256,45 @@ pysentry /path/to/project
 pysentry --verbose --resolver uv /path/to/project
 ```
 
+### CI/CD Integration Examples
+
+```bash
+# Development environment - only fail on critical vulnerabilities
+pysentry --fail-on critical --format json --output security-report.json
+
+# Staging environment - fail on high+ vulnerabilities
+pysentry --fail-on high --sources pypa,osv --format sarif --output security.sarif
+
+# Production deployment - strict security (fail on medium+, default)
+pysentry --sources pypa,pypi,osv --format json --output prod-security.json
+
+# Generate markdown report for GitHub issues/PRs
+pysentry --format markdown --output SECURITY-REPORT.md
+
+# Comprehensive audit with all sources and full reporting
+pysentry --sources pypa,pypi,osv --all-extras --format json --fail-on low
+```
+
 ## Configuration
 
 ### Command Line Options
 
-| Option           | Description                                           | Default             |
-| ---------------- | ----------------------------------------------------- | ------------------- |
-| `--format`       | Output format: `human`, `json`, `sarif`               | `human`             |
-| `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
-| `--source`       | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
-| `--all`          | Include all dependencies (main + dev + optional)      | `false`             |
-| `--direct-only`  | Check only direct dependencies                        | `false`             |
-| `--ignore`       | Vulnerability IDs to ignore (repeatable)              | `[]`                |
-| `--output`       | Output file path                                      | `stdout`            |
-| `--no-cache`     | Disable caching                                       | `false`             |
-| `--cache-dir`    | Custom cache directory                                | `~/.cache/pysentry` |
-| `--verbose`      | Enable verbose output                                 | `false`             |
-| `--quiet`        | Suppress non-error output                             | `false`             |
-| `--resolver`     | Dependency resolver: `auto`, `uv`, `pip-tools`        | `auto`              |
-| `--requirements` | Additional requirements files (repeatable)            | `[]`                |
+| Option           | Description                                             | Default             |
+| ---------------- | ------------------------------------------------------- | ------------------- |
+| `--format`       | Output format: `human`, `json`, `sarif`, `markdown`     | `human`             |
+| `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical`   | `low`               |
+| `--fail-on`      | Fail (exit non-zero) on vulnerabilities ≥ severity      | `medium`            |
+| `--sources`      | Vulnerability sources: `pypa`, `pypi`, `osv` (multiple) | `pypa`              |
+| `--all-extras`   | Include all dependencies (main + dev + optional)        | `false`             |
+| `--direct-only`  | Check only direct dependencies                          | `false`             |
+| `--ignore`       | Vulnerability IDs to ignore (repeatable)                | `[]`                |
+| `--output`       | Output file path                                        | `stdout`            |
+| `--no-cache`     | Disable caching                                         | `false`             |
+| `--cache-dir`    | Custom cache directory                                  | `~/.cache/pysentry` |
+| `--verbose`      | Enable verbose output                                   | `false`             |
+| `--quiet`        | Suppress non-error output                               | `false`             |
+| `--resolver`     | Dependency resolver: `auto`, `uv`, `pip-tools`          | `auto`              |
+| `--requirements` | Additional requirements files (repeatable)              | `[]`                |
 
 ### Cache Management
 
@@ -376,6 +406,10 @@ Support for projects without lock files:
 
 Most comfortable to read.
 
+### Markdown
+
+GitHub-friendly format with structured sections and severity indicators. Perfect for documentation, GitHub issues, and security reports.
+
 ### JSON
 
 ```json
@@ -510,8 +544,9 @@ pysentry --verbose /path/to/project
 # Check network connectivity
 curl -I https://osv-vulnerabilities.storage.googleapis.com/
 
-# Try with different source
-pysentry --source pypi
+# Try with different or multiple sources
+pysentry --sources pypi
+pysentry --sources pypa,osv
 ```
 
 **Slow requirements.txt resolution**

{pysentry_rs-0.2.0 → pysentry_rs-0.2.1}/README.md

@@ -1,5 +1,7 @@
 # 🐍 PySentry
 
+[![OSV Integration](https://img.shields.io/badge/OSV-Integrated-blue)](https://google.github.io/osv.dev/)
+
 [Help to test and improve](https://github.com/nyudenkov/pysentry/issues/12)
 
 A fast, reliable security vulnerability scanner for Python projects, written in Rust.
@@ -16,7 +18,7 @@ PySentry audits Python projects for known security vulnerabilities by analyzing
   - PyPA Advisory Database (default)
   - PyPI JSON API
   - OSV.dev (Open Source Vulnerabilities)
-- **Flexible Output**: Human-readable, JSON, and SARIF formats
+- **Flexible Output for different workflows**: Human-readable, JSON, SARIF, and Markdown formats
 - **Performance Focused**:
   - Written in Rust for speed
   - Async/concurrent processing
@@ -171,7 +173,7 @@ pysentry --resolver uv /path/to/project
 pysentry --resolver pip-tools /path/to/project
 
 # Include all dependencies (main + dev + optional)
-pysentry --all
+pysentry --all-extras
 
 # Filter by severity (only show high and critical)
 pysentry --severity high
@@ -184,14 +186,22 @@ pysentry --format json --output audit-results.json
 
 ```bash
 # Using uvx for comprehensive audit
-uvx pysentry-rs --all --format sarif --output security-report.sarif
+uvx pysentry-rs --all-extras --format sarif --output security-report.sarif
+
+# Check multiple vulnerability sources concurrently
+uvx pysentry-rs --sources pypa,osv,pypi /path/to/project
+uvx pysentry-rs --sources pypa --sources osv --sources pypi
 
-# Check only direct dependencies using OSV database
-uvx pysentry-rs --direct-only --source osv
+# Generate markdown report
+uvx pysentry-rs --format markdown --output security-report.md
+
+# Control CI exit codes - only fail on critical vulnerabilities
+uvx pysentry-rs --fail-on critical
 
 # Or with installed binary
-pysentry --all --format sarif --output security-report.sarif
-pysentry --direct-only --source osv
+pysentry --all-extras --format sarif --output security-report.sarif
+pysentry --sources pypa,osv --direct-only
+pysentry --format markdown --output security-report.md
 
 # Ignore specific vulnerabilities
 pysentry --ignore CVE-2023-12345 --ignore GHSA-xxxx-yyyy-zzzz
@@ -220,25 +230,45 @@ pysentry /path/to/project
 pysentry --verbose --resolver uv /path/to/project
 ```
 
+### CI/CD Integration Examples
+
+```bash
+# Development environment - only fail on critical vulnerabilities
+pysentry --fail-on critical --format json --output security-report.json
+
+# Staging environment - fail on high+ vulnerabilities
+pysentry --fail-on high --sources pypa,osv --format sarif --output security.sarif
+
+# Production deployment - strict security (fail on medium+, default)
+pysentry --sources pypa,pypi,osv --format json --output prod-security.json
+
+# Generate markdown report for GitHub issues/PRs
+pysentry --format markdown --output SECURITY-REPORT.md
+
+# Comprehensive audit with all sources and full reporting
+pysentry --sources pypa,pypi,osv --all-extras --format json --fail-on low
+```
+
 ## Configuration
 
 ### Command Line Options
 
-| Option           | Description                                           | Default             |
-| ---------------- | ----------------------------------------------------- | ------------------- |
-| `--format`       | Output format: `human`, `json`, `sarif`               | `human`             |
-| `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical` | `low`               |
-| `--source`       | Vulnerability source: `pypa`, `pypi`, `osv`           | `pypa`              |
-| `--all`          | Include all dependencies (main + dev + optional)      | `false`             |
-| `--direct-only`  | Check only direct dependencies                        | `false`             |
-| `--ignore`       | Vulnerability IDs to ignore (repeatable)              | `[]`                |
-| `--output`       | Output file path                                      | `stdout`            |
-| `--no-cache`     | Disable caching                                       | `false`             |
-| `--cache-dir`    | Custom cache directory                                | `~/.cache/pysentry` |
-| `--verbose`      | Enable verbose output                                 | `false`             |
-| `--quiet`        | Suppress non-error output                             | `false`             |
-| `--resolver`     | Dependency resolver: `auto`, `uv`, `pip-tools`        | `auto`              |
-| `--requirements` | Additional requirements files (repeatable)            | `[]`                |
+| Option           | Description                                             | Default             |
+| ---------------- | ------------------------------------------------------- | ------------------- |
+| `--format`       | Output format: `human`, `json`, `sarif`, `markdown`     | `human`             |
+| `--severity`     | Minimum severity: `low`, `medium`, `high`, `critical`   | `low`               |
+| `--fail-on`      | Fail (exit non-zero) on vulnerabilities ≥ severity      | `medium`            |
+| `--sources`      | Vulnerability sources: `pypa`, `pypi`, `osv` (multiple) | `pypa`              |
+| `--all-extras`   | Include all dependencies (main + dev + optional)        | `false`             |
+| `--direct-only`  | Check only direct dependencies                          | `false`             |
+| `--ignore`       | Vulnerability IDs to ignore (repeatable)                | `[]`                |
+| `--output`       | Output file path                                        | `stdout`            |
+| `--no-cache`     | Disable caching                                         | `false`             |
+| `--cache-dir`    | Custom cache directory                                  | `~/.cache/pysentry` |
+| `--verbose`      | Enable verbose output                                   | `false`             |
+| `--quiet`        | Suppress non-error output                               | `false`             |
+| `--resolver`     | Dependency resolver: `auto`, `uv`, `pip-tools`          | `auto`              |
+| `--requirements` | Additional requirements files (repeatable)              | `[]`                |
 
 ### Cache Management
 
@@ -350,6 +380,10 @@ Support for projects without lock files:
 
 Most comfortable to read.
 
+### Markdown
+
+GitHub-friendly format with structured sections and severity indicators. Perfect for documentation, GitHub issues, and security reports.
+
 ### JSON
 
 ```json
@@ -484,8 +518,9 @@ pysentry --verbose /path/to/project
 # Check network connectivity
 curl -I https://osv-vulnerabilities.storage.googleapis.com/
 
-# Try with different source
-pysentry --source pypi
+# Try with different or multiple sources
+pysentry --sources pypi
+pysentry --sources pypa,osv
 ```
 
 **Slow requirements.txt resolution**

{pysentry_rs-0.2.0 → pysentry_rs-0.2.1}/python/pysentry/__init__.py

@@ -2,7 +2,7 @@
 
 from ._internal import audit_python, audit_with_options, check_resolvers, check_version
 
-__version__ = "0.2.0"
+__version__ = "0.2.1"
 __all__ = [
     "audit_python",
     "audit_with_options",
@@ -12,11 +12,74 @@ __all__ = [
 ]
 
 
+def resolve_sources(source, sources_list):
+    import sys
+
+    resolved_sources = []
+
+    if sources_list:
+        for source_arg in sources_list:
+            for source_str in source_arg.split(","):
+                source_str = source_str.strip()
+                if not source_str:
+                    continue
+                if source_str not in ["pypa", "pypi", "osv"]:
+                    print(
+                        f"Error: Invalid vulnerability source: '{source_str}'. Valid sources: pypa, pypi, osv",
+                        file=sys.stderr,
+                    )
+                    sys.exit(1)
+                resolved_sources.append(source_str)
+
+    if not resolved_sources:
+        if source != "pypa":
+            print(
+                "Warning: --source flag is deprecated and will be removed in a future version. Use --sources instead.",
+                file=sys.stderr,
+            )
+            resolved_sources.append(source)
+        else:
+            resolved_sources.append("pypa")
+
+    unique_sources = []
+    for src in resolved_sources:
+        if src not in unique_sources:
+            unique_sources.append(src)
+
+    return unique_sources
+
+
 def main():
     """CLI entry point."""
     import sys
     import argparse
 
+    # Global flag to track if deprecation warning has been shown
+    _deprecation_warning_shown = False
+
+    def handle_all_flags(args):
+        """Handle the deprecated --all flag and new --all-extras flag with appropriate warnings."""
+        nonlocal _deprecation_warning_shown
+
+        if args.all and getattr(args, "all_extras", False):
+            if not _deprecation_warning_shown:
+                print(
+                    "Warning: Both --all and --all-extras flags are specified. Using --all-extras only. The --all flag is deprecated.",
+                    file=sys.stderr,
+                )
+                _deprecation_warning_shown = True
+            return True
+        elif args.all:
+            if not _deprecation_warning_shown:
+                print(
+                    "Warning: --all flag is deprecated and will be removed in a future version. Use --all-extras instead.",
+                    file=sys.stderr,
+                )
+                _deprecation_warning_shown = True
+            return True
+        else:
+            return getattr(args, "all_extras", False)
+
     # Handle subcommands manually to match Rust CLI structure exactly
     if len(sys.argv) > 1:
         if sys.argv[1] == "resolvers":
@@ -85,9 +148,9 @@ def main():
     )
     parser.add_argument(
         "--format",
-        choices=["human", "json", "sarif"],
+        choices=["human", "json", "sarif", "markdown"],
         default="human",
-        help="Output format [default: human] [possible values: human, json, sarif]",
+        help="Output format [default: human] [possible values: human, json, sarif, markdown]",
     )
     parser.add_argument(
         "--severity",
@@ -95,6 +158,12 @@ def main():
         default="low",
         help="Minimum severity level to report [default: low] [possible values: low, medium, high, critical]",
     )
+    parser.add_argument(
+        "--fail-on",
+        choices=["low", "medium", "high", "critical"],
+        default="medium",
+        help="Fail (exit non-zero) if vulnerabilities of this severity or higher are found [default: medium] [possible values: low, medium, high, critical]",
+    )
     parser.add_argument(
         "--ignore",
         action="append",
@@ -108,7 +177,12 @@ def main():
     parser.add_argument(
         "--all",
         action="store_true",
-        help="Include ALL dependencies (main + dev, optional, etc)",
+        help=argparse.SUPPRESS,  # Hide deprecated flag from help
+    )
+    parser.add_argument(
+        "--all-extras",
+        action="store_true",
+        help="Include ALL extra dependencies (main + dev, optional, etc)",
     )
     parser.add_argument(
         "--direct-only",
@@ -121,7 +195,12 @@ def main():
         "--source",
         choices=["pypa", "pypi", "osv"],
         default="pypa",
-        help="Vulnerability data source [default: pypa] [possible values: pypa, pypi, osv]",
+        help="Vulnerability data source [DEPRECATED: use --sources instead] [default: pypa] [possible values: pypa, pypi, osv]",
+    )
+    parser.add_argument(
+        "--sources",
+        action="append",
+        help="Vulnerability data sources (can be specified multiple times or comma-separated)",
     )
     parser.add_argument(
         "--resolver",
@@ -153,14 +232,19 @@ Commands:
     args = parser.parse_args()
 
     try:
-        # Main audit functionality - convert --all to dev/optional
-        dev = args.all
-        optional = args.all
+        # Main audit functionality - handle deprecated --all flag and new --all-extras flag
+        include_all = handle_all_flags(args)
+        dev = include_all
+        optional = include_all
+
+        resolved_sources = resolve_sources(
+            args.source, getattr(args, "sources", None) or []
+        )
 
         result = audit_with_options(
             path=args.path,
             format=args.format,
-            source=args.source,
+            sources=resolved_sources,
             min_severity=args.severity,
             ignore_ids=args.ignore_ids,
             output=args.output,
@@ -178,6 +262,27 @@ Commands:
         if not args.output:
             print(result)
 
+        if args.format == "json":
+            import json
+
+            try:
+                report_data = json.loads(result)
+                vulnerabilities = report_data.get("vulnerabilities", [])
+
+                severity_levels = {"low": 1, "medium": 2, "high": 3, "critical": 4}
+                fail_on_level = severity_levels.get(args.fail_on, 2)  # default medium
+
+                for vuln in vulnerabilities:
+                    vuln_severity = vuln.get("severity", "low").lower()
+                    vuln_level = severity_levels.get(vuln_severity, 1)
+                    if vuln_level >= fail_on_level:
+                        sys.exit(1)
+
+            except (json.JSONDecodeError, KeyError):
+                pass
+        else:
+            pass
+
     except Exception as e:
         print(f"Error: {e}", file=sys.stderr)
         sys.exit(1)