Pip audit scanner

🤖 AI-Generated Content

This documentation was generated with AI assistance and is still being audited. Some, or potentially a lot, of this information may be inaccurate. Learn more.

provide.testkit.quality.security.pip_audit_scanner ¶

Pip-audit dependency vulnerability scanner implementation.

Classes¶

PipAuditScanner ¶

PipAuditScanner(config: dict[str, Any] | None = None)

Dependency vulnerability scanner using pip-audit.

Scans Python dependencies for known security vulnerabilities using the PyPI security advisory database.

Note: pip-audit does not support config files. All configuration must be passed via CLI flags or the config dict. See wrknv.toml for CLI usage.

Initialize pip-audit scanner.

Parameters:

Name	Type	Description	Default
`config`	`dict[str, Any] \| None`	Scanner configuration options. Supported keys: - strict: Enable strict mode - local: Only scan locally installed packages - skip_editable: Skip editable installations - timeout: Command timeout in seconds	`None`

Source code in provide/testkit/quality/security/pip_audit_scanner.py

def __init__(self, config: dict[str, Any] | None = None) -> None:
    """Initialize pip-audit scanner.

    Args:
        config: Scanner configuration options. Supported keys:
                - strict: Enable strict mode
                - local: Only scan locally installed packages
                - skip_editable: Skip editable installations
                - timeout: Command timeout in seconds
    """
    if not PIP_AUDIT_AVAILABLE:
        raise QualityToolError(
            "pip-audit not available. Install with: pip install pip-audit",
            tool="pip-audit",
        )

    self.config = config or {}
    self.artifact_dir: Path | None = None

Functions¶

analyze ¶

analyze(path: Path, **kwargs: Any) -> QualityResult

Run pip-audit analysis on the given path.

Parameters:

Name	Type	Description	Default
`path`	`Path`	Path to analyze (directory with requirements or pyproject.toml)	required
`**kwargs`	`Any`	Additional options including artifact_dir	`{}`

Returns:

Type	Description
`QualityResult`	QualityResult with vulnerability analysis data

Source code in provide/testkit/quality/security/pip_audit_scanner.py

def analyze(self, path: Path, **kwargs: Any) -> QualityResult:
    """Run pip-audit analysis on the given path.

    Args:
        path: Path to analyze (directory with requirements or pyproject.toml)
        **kwargs: Additional options including artifact_dir

    Returns:
        QualityResult with vulnerability analysis data
    """
    self.artifact_dir = kwargs.get("artifact_dir", Path(".provide/output/security"))
    start_time = time.time()

    try:
        result = self._run_pip_audit(path)
        result.execution_time = time.time() - start_time
        self._generate_artifacts(result)
        return result

    except Exception as e:
        return QualityResult(
            tool="pip-audit",
            passed=False,
            details={"error": str(e), "error_type": type(e).__name__},
            execution_time=time.time() - start_time,
        )

report ¶

report(
    result: QualityResult, format: str = "terminal"
) -> str

Generate report from QualityResult.

Source code in provide/testkit/quality/security/pip_audit_scanner.py

def report(self, result: QualityResult, format: str = "terminal") -> str:
    """Generate report from QualityResult."""
    if format == "terminal":
        return self._generate_text_report(result)
    elif format == "json":
        return json.dumps(
            {
                "tool": result.tool,
                "passed": result.passed,
                "score": result.score,
                "details": result.details,
            },
            indent=2,
        )
    else:
        return str(result.details)