Scan Python requirements files for known vulnerabilities, outdated versions, and risky packages. Checks against a curated local CVE database — no network required.
Key features of Dependency Auditor
• Local CVE database — curated vulnerability data for 50+ popular Python packages, no network needed
• Requirements parsing — reads `requirements.txt`, `Pipfile`, and pinned version formats
• Version comparison — semantic version matching with range-aware CVE lookups
• Severity ratings — each CVE tagged as critical, high, medium, or low
• Upgrade recommendations — suggests safe target versions for vulnerable packages
• Strict mode — exit code 1 on any vulnerability found (CI/CD friendly)
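The pipeline those features describe (parse exact pins, range-aware lookup in a local database, severity tag, safe upgrade target, strict exit code), shown as an added Python illustration. This is not the Dependency Auditor source; the package names, the `EXAMPLE-000n` advisory identifiers, the version ranges and the requirements text are all constructed placeholders, and only plain dotted-numeric `==` pins are handled.

```python
"""Added illustration of a local-database dependency audit.
Not the Dependency Auditor source: the package names, advisory
identifiers and version ranges below are constructed placeholders."""
import re
import sys

# Constructed local database. Each record's affected range is
# [introduced, fixed): 'fixed' is the first version that is safe.
LOCAL_DB = [
    {"package": "examplelib", "id": "EXAMPLE-0001",
     "introduced": "1.0.0", "fixed": "1.4.2", "severity": "high"},
    {"package": "examplelib", "id": "EXAMPLE-0002",
     "introduced": "0.0.0", "fixed": "1.2.0", "severity": "critical"},
    {"package": "otherpkg", "id": "EXAMPLE-0003",
     "introduced": "2.0.0", "fixed": "2.3.1", "severity": "medium"},
]
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed requirements.txt content.
SAMPLE_REQUIREMENTS = """\
# pinned application dependencies (constructed sample)
examplelib==1.3.0
otherpkg>=2.1.0   # range spec, not an exact pin, so it is skipped
safepkg==0.9.1
"""

# Only exact pins of plain dotted-numeric versions are matched here;
# pre-release tags and other PEP 440 forms are out of scope for the example.
PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9]+(?:\.[0-9]+)*)$")


def parse_version(text):
    """'1.4.2' -> (1, 4, 2); tuples compare element-wise, so 1.10 > 1.9."""
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text):
    """Return {package_lower: pinned_version} for exact pins only."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        match = PIN_RE.match(line)
        if match:
            pins[match.group(1).lower()] = match.group(2)
    return pins


def is_affected(version, introduced, fixed):
    """Range-aware check: introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def recommend_upgrade(package, db=LOCAL_DB):
    """Lowest version that clears every known range for the package."""
    fixed = [r["fixed"] for r in db if r["package"].lower() == package.lower()]
    return max(fixed, key=parse_version) if fixed else None


def audit(pins, db=LOCAL_DB):
    """Match pinned versions against the database; worst severity first."""
    findings = []
    for rec in db:
        pinned = pins.get(rec["package"].lower())
        if pinned and is_affected(pinned, rec["introduced"], rec["fixed"]):
            findings.append({
                "package": rec["package"], "pinned": pinned, "id": rec["id"],
                "severity": rec["severity"],
                "upgrade_to": recommend_upgrade(rec["package"], db),
            })
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)
    return findings


def exit_code(findings, strict):
    """Strict mode: non-zero exit on any finding so a CI job fails."""
    return 1 if strict and findings else 0


if __name__ == "__main__":
    strict = "--strict" in sys.argv
    found = audit(parse_requirements(SAMPLE_REQUIREMENTS))
    for f in found:
        print(f"{f['severity'].upper():8} {f['package']}=={f['pinned']} "
              f"{f['id']} -> upgrade to {f['upgrade_to']}")
    sys.exit(exit_code(found, strict))
```

Run it with `--strict` and the process exits 1 because `examplelib==1.3.0` falls inside the `[1.0.0, 1.4.2)` range; the unpinned `otherpkg>=2.1.0` line is reported by nothing, which is the usual blind spot of pin-only audits and the reason a real tool also needs to resolve range specifiers or a lock file.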
# Audit your requirements file
python src/dependency_auditor.py --file requirements.txt

# Strict mode — fail on any vulnerability
python src/dependency_auditor.py --file requirements.txt --strict

# Audit a Pipfile with JSON output
python src/dependency_auditor.py --file Pipfile --output report.jso