echoing-dog-45865
10/07/2022, 10:47 PM
hundreds-father-404
10/07/2022, 10:53 PM
pip-audit. Imo the biggest issue there is trying to figure out how to model it, since it should never be cached unlike most linters -- you need to check every time for new advisories. I think @wide-midnight-78598 proposed an audit goal, which I liked
echoing-dog-45865
10/07/2022, 10:55 PM
happy-kitchen-89482
10/08/2022, 1:24 AM
echoing-dog-45865
10/08/2022, 4:23 AM
happy-kitchen-89482
10/09/2022, 6:45 AM
polite-garden-50641
10/10/2022, 2:25 PM
echoing-dog-45865
10/10/2022, 4:57 PM
rough-appointment-4678
10/11/2022, 4:56 PM
python -m pip install -r requirements.txt to be run for us to analyze the packages installed and for us to understand the transitive dependency graph.
With git integrations, Snyk parses the manifest files (requirements.txt, package.json, etc.) to build a dep graph and report on vulnerabilities.
happy-kitchen-89482
10/11/2022, 4:57 PM
rough-appointment-4678
10/11/2022, 5:22 PM
snyk auth, then run something like snyk test on a project. Here's a link to our documentation further. And a link to some python specific stuff here and here
requirements.txt file?
polite-garden-50641
10/11/2022, 5:48 PM