
Dependency Auditor

$29

Scan Python requirements for known vulnerabilities, outdated versions, and risky packages.

10 files
Tags: Markdown, Python, Django, Flask, CI/CD


File Structure (10 files)

dependency-auditor/
├── LICENSE
├── README.md
├── examples/
│   └── sample_requirements.txt
├── free-sample.zip
├── guide/
│   ├── 01_features.md
│   ├── 02_quick-start.md
│   ├── 03_sample-input.md
│   └── 04_faq.md
├── index.html
└── src/
    └── dependency_auditor.py

Documentation Preview (README excerpt)

Dependency Auditor

Scan Python requirements files for known vulnerabilities, outdated versions, and risky packages. Checks against a curated local CVE database — no network required.

Features

  • Local CVE database — curated vulnerability data for 50+ popular Python packages, no network needed
  • Requirements parsing — reads requirements.txt, Pipfile, and pinned version formats
  • Version comparison — semantic version matching with range-aware CVE lookups
  • Severity ratings — each CVE tagged as critical, high, medium, or low
  • Upgrade recommendations — suggests safe target versions for vulnerable packages
  • Strict mode — exit code 1 on any vulnerability found (CI/CD friendly)
  • JSON and console output — structured data or human-readable reports
  • Offline operation — works entirely without internet access

Requirements

  • Python 3.10+
  • No external dependencies (stdlib only)

Quick Start


# Audit your requirements file
python src/dependency_auditor.py --file requirements.txt

# Strict mode — fail on any vulnerability
python src/dependency_auditor.py --file requirements.txt --strict

# Audit a Pipfile with JSON output
python src/dependency_auditor.py --file Pipfile --output report.json

Output

Console output shows a package-by-package breakdown with CVE IDs, severity, and recommended actions. JSON output provides structured findings for integration with dashboards or CI systems.
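The README lists requirements parsing, range-aware version comparison, upgrade recommendations, severity filtering and the strict exit code as separate features. The following is an added example written for this page, not the product's own src/dependency_auditor.py, showing how those pieces fit together in a stdlib-only audit of a requirements.txt. Everything in it is an assumption or a constructed fixture: the CVE_DB entries mirror the shape of the preview's database but use placeholder advisory IDs that are not real CVEs, the requirements text is made up, version comparison uses only the PEP 440 release segment (so "5.4" and "5.4.0" compare equal and pre/post-release suffixes are ignored), and Pipfile parsing is not covered.

```python
"""Added example (not the product's code): minimal stdlib-only audit of a
requirements.txt against a local "fixed_in" database.

Shows: pinned-requirement parsing, range-aware comparison (installed <
fixed_in means affected), severity filtering, upgrade target selection and
the --strict exit-code rule. All data below is a constructed fixture; the
advisory IDs are placeholders, NOT real CVE identifiers.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed fixture database, same shape as the preview's CVE_DATABASE.
CVE_DB: dict[str, list[dict[str, str]]] = {
    "django":   [{"cve": "EXAMPLE-0001", "severity": "critical", "fixed_in": "4.2.8"},
                 {"cve": "EXAMPLE-0002", "severity": "high",     "fixed_in": "4.2.7"}],
    "flask":    [{"cve": "EXAMPLE-0003", "severity": "high",     "fixed_in": "2.3.3"}],
    "requests": [{"cve": "EXAMPLE-0004", "severity": "medium",   "fixed_in": "2.31.0"}],
    "pyyaml":   [{"cve": "EXAMPLE-0005", "severity": "critical", "fixed_in": "5.4"}],
}
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed requirements.txt: comments, case/underscore variants, an
# environment marker, and an unpinned range that cannot be audited.
SAMPLE_REQUIREMENTS = """\
# app deps
Django==4.2.5
flask==2.3.2   # web
requests==2.28.0 ; python_version >= "3.8"
PyYAML==5.4
urllib3>=1.26
"""

# Exact pins only: "name==ver" or "name===ver".
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*===?\s*([0-9][0-9A-Za-z.]*)")


@dataclass(frozen=True)
class Finding:
    package: str
    installed: str
    cve: str
    severity: str
    fixed_in: str


def canonical_name(name: str) -> str:
    """PEP 503 normalisation: lower-case, runs of - _ . collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str) -> tuple[int, ...]:
    """Compare by the PEP 440 release segment only ('5.4' == '5.4.0').
    Pre/post/dev suffixes are dropped: adequate for fixed_in checks on pinned
    releases, not a full PEP 440 implementation."""
    release = re.match(r"\d+(?:\.\d+)*", v).group(0)
    parts = [int(p) for p in release.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # strip trailing zeros
        parts.pop()
    return tuple(parts)


def parse_requirements(text: str) -> tuple[dict[str, str], list[str]]:
    """Return {canonical_name: pinned_version} and the lines that are not exact pins."""
    pinned: dict[str, str] = {}
    unpinned: list[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, markers
        if not line or line.startswith("-"):  # blank, -r, --index-url, ...
            continue
        m = PIN_RE.match(line)
        if m:
            pinned[canonical_name(m.group(1))] = m.group(2)
        else:
            unpinned.append(line)  # >=, ~=, URLs: version unknown, cannot audit
    return pinned, unpinned


def audit(pinned: dict[str, str], min_severity: str = "low") -> list[Finding]:
    """Range-aware lookup: a pin is affected when installed < fixed_in."""
    threshold = SEVERITY_RANK[min_severity]
    findings: list[Finding] = []
    for name, version in pinned.items():
        for adv in CVE_DB.get(name, []):
            if SEVERITY_RANK[adv["severity"]] < threshold:
                continue
            if parse_version(version) < parse_version(adv["fixed_in"]):
                findings.append(Finding(name, version, adv["cve"], adv["severity"], adv["fixed_in"]))
    return findings


def recommended_upgrade(findings: list[Finding], package: str) -> str | None:
    """Smallest version clearing every finding for the package: the highest fixed_in."""
    fixed = [f.fixed_in for f in findings if f.package == package]
    return max(fixed, key=parse_version) if fixed else None


def exit_code(findings: list[Finding], strict: bool) -> int:
    """--strict semantics from the README: exit 1 if anything was found."""
    return 1 if strict and findings else 0


if __name__ == "__main__":
    pins, skipped = parse_requirements(SAMPLE_REQUIREMENTS)
    results = audit(pins)
    for f in results:
        print(f"{f.package}=={f.installed}: {f.cve} [{f.severity}] fixed in {f.fixed_in}")
    for pkg in sorted({f.package for f in results}):
        print(f"  -> upgrade {pkg} to {recommended_upgrade(results, pkg)}")
    for line in skipped:
        print(f"WARN unpinned, not audited: {line}")
    raise SystemExit(exit_code(results, strict=True))
```

Two behaviours worth noticing on the constructed input: pyyaml==5.4 is not reported because its pin equals the fixed_in version (the boundary is exclusive), and urllib3>=1.26 is surfaced as a warning rather than silently passed, since a range specifier gives no single version to check against the database.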

Sample Input

See examples/sample_requirements.txt — includes intentionally vulnerable versions for testing:


django==4.2.5
flask==2.3.2
requests==2.28.0
pyyaml==5.4

Configuration Reference

CLI Flag     Type    Description
--file       string  Path to requirements.txt, Pipfile, or similar
--strict     flag    Exit 1 if any vulnerability found
--output     string  Write JSON report to this path
--severity   string  Minimum severity to report (low, medium, high, critical)

CVE Database Coverage

The built-in database covers frequently exploited packages including:

... continues with setup instructions, usage examples, and more.

Code Sample (.py preview)

src/dependency_auditor.py

#!/usr/bin/env python3
"""
Dependency Auditor — Security Kit (DataNest)

Scans Python requirements files and package manifests for known
vulnerabilities, outdated versions, and upgrade recommendations.
Checks against a local CVE pattern database and flags risky dependencies.

Usage:
    python dependency_auditor.py --file requirements.txt
    python dependency_auditor.py --file requirements.txt --strict
    python dependency_auditor.py --file Pipfile --output report.json

Dependencies: Python 3.10+ stdlib only (no pip packages)
License: MIT
"""
from __future__ import annotations

import argparse
import json
import logging
import re
import sys
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from pathlib import Path
from typing import Any

# ---------------------------------------------------------------------------
# Constants
# ---------------------------------------------------------------------------

logger = logging.getLogger("dependency_auditor")

# Why a local database: the tool is meant to run fully offline with no
# third-party packages, so it ships a curated list instead of querying the
# NVD API at run time. In production you'd refresh this from a feed or use
# pip-audit. The IDs in this preview are placeholders, not real CVE numbers.
CVE_DATABASE: dict[str, list[dict[str, Any]]] = {
    "django": [
        {"cve": "CVE-2024-XXXXX", "severity": "critical", "fixed_in": "4.2.8",
         "description": "SQL injection via JSONField lookups on SQLite"},
        {"cve": "CVE-2024-YYYYY", "severity": "high", "fixed_in": "4.2.7",
         "description": "Denial of service via large file uploads"},
    ],
    "flask": [
        {"cve": "CVE-2023-XXXXX", "severity": "high", "fixed_in": "2.3.3",
         "description": "Session cookie parsing vulnerability"},
    ],
    "requests": [
        # ... 423 more lines ...