PyPI - pyvulscan - Versions diffs - 0.1.0__tar.gz - Mend

pyvulscan 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

pyvulscan-0.1.0/.gitignore +10 -0
pyvulscan-0.1.0/.python-version +1 -0
pyvulscan-0.1.0/LICENSE +0 -0
pyvulscan-0.1.0/PKG-INFO +91 -0
pyvulscan-0.1.0/README.md +54 -0
pyvulscan-0.1.0/main.py +6 -0
pyvulscan-0.1.0/pyau.py +663 -0
pyvulscan-0.1.0/pyproject.toml +79 -0
pyvulscan-0.1.0/src/pyau/__init__.py +5 -0
pyvulscan-0.1.0/src/pyau/__main__.py +4 -0
pyvulscan-0.1.0/src/pyau/cli.py +84 -0
pyvulscan-0.1.0/src/pyau/osv/__init__.py +3 -0
pyvulscan-0.1.0/src/pyau/osv/client.py +43 -0
pyvulscan-0.1.0/src/pyau/osv/processor.py +36 -0
pyvulscan-0.1.0/src/pyau/parsers/__init__.py +3 -0
pyvulscan-0.1.0/src/pyau/parsers/detect.py +100 -0
pyvulscan-0.1.0/src/pyau/parsers/poetry.py +118 -0
pyvulscan-0.1.0/src/pyau/parsers/requirements.py +38 -0
pyvulscan-0.1.0/src/pyau/parsers/utils.py +50 -0
pyvulscan-0.1.0/src/pyau/parsers/uv.py +43 -0
pyvulscan-0.1.0/src/pyau/report.py +45 -0
pyvulscan-0.1.0/src/pyau/severity.py +69 -0
pyvulscan-0.1.0/tests/__init__.py +0 -0
pyvulscan-0.1.0/tests/unit/test_parser.py +57 -0
pyvulscan-0.1.0/uv.lock +2116 -0

pyvulscan-0.1.0/.gitignore ADDED Viewed

@@ -0,0 +1,10 @@
+# Python-generated files
+__pycache__/
+*.py[oc]
+build/
+dist/
+wheels/
+*.egg-info
+# Virtual environments
+.venv

pyvulscan-0.1.0/.python-version ADDED Viewed

	@@ -0,0 +1 @@
1	+ 3.14

pyvulscan-0.1.0/LICENSE ADDED Viewed

File without changes

pyvulscan-0.1.0/PKG-INFO ADDED Viewed

@@ -0,0 +1,91 @@
+Metadata-Version: 2.4
+Name: pyvulscan
+Version: 0.1.0
+Summary: Vulnerability scanner for Python dependencies using the OSV API
+Project-URL: Homepage, https://github.com/statspyml/pyau
+Project-URL: Issues, https://github.com/statspyml/pyau/issues
+Author-email: Rodrigo Polverari <rodrigo.pp.toledo@gmail.com>
+License: MIT
+License-File: LICENSE
+Keywords: audit,dependencies,osv,security,vulnerabilities
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Requires-Python: >=3.11
+Requires-Dist: cvss>=2.6
+Requires-Dist: requests>=2.28.0
+Provides-Extra: dev
+Requires-Dist: httpx>=0.27; extra == 'dev'
+Requires-Dist: mypy>=1.10; extra == 'dev'
+Requires-Dist: pytest-asyncio>=0.23; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.4; extra == 'dev'
+Provides-Extra: mcp
+Requires-Dist: fastmcp>=0.1; extra == 'mcp'
+Provides-Extra: service
+Requires-Dist: alembic>=1.13; extra == 'service'
+Requires-Dist: apscheduler>=3.10; extra == 'service'
+Requires-Dist: fastapi>=0.110; extra == 'service'
+Requires-Dist: psycopg2-binary>=2.9; extra == 'service'
+Requires-Dist: sqlalchemy>=2.0; extra == 'service'
+Requires-Dist: uvicorn[standard]>=0.29; extra == 'service'
+Description-Content-Type: text/markdown
+# pyau
+Vulnerability scanner for Python dependencies using the [OSV API](https://osv.dev/).
+Supports `uv.lock`, `poetry.lock`, `pyproject.toml`, and `requirements.txt` — no environment activation needed.
+## Install
+```bash
+pip install pyau
+```
+## Usage
+```bash
+# Auto-detect lockfile in current project
+pyau pyproject.toml
+# Scan only direct dependencies (not transitive)
+pyau pyproject.toml --direct-only
+# Scan a specific lockfile
+pyau uv.lock
+pyau poetry.lock
+# JSON output (for CI/CD integration)
+pyau pyproject.toml --json
+# Exit with code 1 if vulnerabilities found (CI gate)
+pyau pyproject.toml --exit-code
+# Include dev dependencies (Poetry only)
+pyau pyproject.toml --group main --group dev
+```
+## How it works
+1. Parses your lockfile to get exact resolved versions
+2. Sends a single batch request to the OSV API
+3. Fetches full details (severity, fix version) for each vulnerability found
+4. Reports findings with CVSS score, label, and recommended fix version
+## Development
+```bash
+# Install with dev dependencies
+pip install -e ".[dev]"
+# Run tests
+pytest tests/
+# Lint
+ruff check src/
+```

pyvulscan-0.1.0/README.md ADDED Viewed

@@ -0,0 +1,54 @@
+# pyau
+Vulnerability scanner for Python dependencies using the [OSV API](https://osv.dev/).
+Supports `uv.lock`, `poetry.lock`, `pyproject.toml`, and `requirements.txt` — no environment activation needed.
+## Install
+```bash
+pip install pyau
+```
+## Usage
+```bash
+# Auto-detect lockfile in current project
+pyau pyproject.toml
+# Scan only direct dependencies (not transitive)
+pyau pyproject.toml --direct-only
+# Scan a specific lockfile
+pyau uv.lock
+pyau poetry.lock
+# JSON output (for CI/CD integration)
+pyau pyproject.toml --json
+# Exit with code 1 if vulnerabilities found (CI gate)
+pyau pyproject.toml --exit-code
+# Include dev dependencies (Poetry only)
+pyau pyproject.toml --group main --group dev
+```
+## How it works
+1. Parses your lockfile to get exact resolved versions
+2. Sends a single batch request to the OSV API
+3. Fetches full details (severity, fix version) for each vulnerability found
+4. Reports findings with CVSS score, label, and recommended fix version
+## Development
+```bash
+# Install with dev dependencies
+pip install -e ".[dev]"
+# Run tests
+pytest tests/
+# Lint
+ruff check src/
+```

pyvulscan-0.1.0/main.py ADDED Viewed

@@ -0,0 +1,6 @@
+def main():
+    print("Hello from pyau!")
+if __name__ == "__main__":
+    main()