Ergonomic, hermetic, user-friendly software build system for Python, Go, Java, Kotlin, Protobuf, Scala, Shell. Pants lets you fearlessly scale up your codebase!

Pants

Hey everyone, I am trying to generate a frozen requirements.txt file for each pex_binary target's transitive dependencies. I need this file to feed the list of dependencies used by a pex_binary target to trivy's vulnerability analysis scanner. Any ideas and suggestions are much appreciated :pray:

I would opt to:
```pants package my/pex:target
tar -xzf dist/my.pex.target.pex PEX-INFO
jq '.' PEX-INFO```
there's details about all your dependencies/requirements in that file. Then you can still use a single resolve for all your pex'es.

thanks for the info <@U01PZK60W2F>
Is there a way to directly get either a pipfile.lock or requirements.txt from PEX-INFO?

I think there might be using the pex tools. If you install pex outside of pants, you’ll have a pex3 script with useful subcommands, some of which can consume an existing pex file. I’m on mobile now so can’t confirm the name but maybe something like `pex3 lock export …` or maybe one of the other subcommands.