Dependency Auditor
Scan Python requirements for known vulnerabilities, outdated versions, and risky packages.
README excerpt
Dependency Auditor
Scan Python requirements files for known vulnerabilities, outdated versions, and risky packages. Checks against a curated local CVE database — no network required.
Features
- Local CVE database — curated vulnerability data for 50+ popular Python packages, no network needed
- Requirements parsing — reads requirements.txt, Pipfile, and pinned version formats
- Version comparison — semantic version matching with range-aware CVE lookups
- Severity ratings — each CVE tagged as critical, high, medium, or low
- Upgrade recommendations — suggests safe target versions for vulnerable packages
- Strict mode — exit code 1 on any vulnerability found (CI/CD friendly)
- JSON and console output — structured data or human-readable reports
- Offline operation — works entirely without internet access
Requirements
- Python 3.10+
- No external dependencies (stdlib only)
Quick Start
```bash
# Audit your requirements file
python src/dependency_auditor.py --file requirements.txt
# Strict mode — fail on any vulnerability
python src/dependency_auditor.py --file requirements.txt --strict
# Audit a Pipfile with JSON output
python src/dependency_auditor.py --file Pipfile --output report.json
```
Output
Console output shows a package-by-package breakdown with CVE IDs, severity, and recommended actions. JSON output provides structured findings for integration with dashboards or CI systems.
Sample Input
See examples/sample_requirements.txt — includes intentionally vulnerable versions for testing:
```text
django==4.2.5
flask==2.3.2
requests==2.28.0
pyyaml==5.4
```
Configuration Reference
| CLI Flag | Type | Description |
|---|---|---|
| --file | string | Path to requirements.txt, Pipfile, or similar |
| --strict | flag | Exit 1 if any vulnerability found |
| --output | string | Write JSON report to this path |
| --severity | string | Minimum severity to report (low, medium, high, critical) |
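Added example (not the project's own source) of the core loop that the Features list and the flags above describe: parsing pinned requirements, range-aware version matching against a local table, `--severity` filtering, and the `--strict` exit status. The database entries, advisory ids and version ranges below are constructed placeholders, not real vulnerability data.

```python
import re

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed local database with placeholder ids: each entry is
# (package, first_affected, fixed_in, severity, advisory_id); a pinned
# version is affected when first_affected <= version < fixed_in.
LOCAL_CVE_DB = [
    ("django",   "4.2", "4.2.7",  "high",     "CVE-PLACEHOLDER-1"),
    ("pyyaml",   "0",   "6.0",    "critical", "CVE-PLACEHOLDER-2"),
    ("requests", "2.0", "2.31.0", "medium",   "CVE-PLACEHOLDER-3"),
]

_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)")

def parse_version(v):
    """'4.2.5' -> (4, 2, 5); a non-numeric part such as 'rc1' compares as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def parse_requirements(text):
    """Return {normalized_name: version} for every pinned (==) line;
    comments, blank lines and unpinned specifiers are skipped."""
    pins = {}
    for line in text.splitlines():
        m = _PIN.match(line.split("#", 1)[0])
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins

def audit(text, min_severity="low"):
    """Range-aware lookup of each pin against LOCAL_CVE_DB, filtered by
    minimum severity; returns findings sorted by package name."""
    threshold = SEVERITY_RANK[min_severity]
    findings = []
    for name, ver in parse_requirements(text).items():
        pv = parse_version(ver)
        for pkg, lo, hi, sev, cve in LOCAL_CVE_DB:
            if (pkg == name and parse_version(lo) <= pv < parse_version(hi)
                    and SEVERITY_RANK[sev] >= threshold):
                findings.append({"package": name, "installed": ver, "cve": cve,
                                 "severity": sev, "upgrade_to": hi})
    return sorted(findings, key=lambda f: f["package"])

def exit_code(findings, strict=False):
    """Strict mode: exit 1 when anything was reported, else 0 (CI friendly)."""
    return 1 if strict and findings else 0

# Constructed input mirroring the sample requirements shown above.
SAMPLE_REQUIREMENTS = "django==4.2.5\nflask==2.3.2\nrequests==2.28.0\npyyaml==5.4\n"

if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS):
        print(f"{f['package']}=={f['installed']}: {f['cve']} [{f['severity']}] -> {f['upgrade_to']}")
    raise SystemExit(exit_code(audit(SAMPLE_REQUIREMENTS), strict=True))
```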
CVE Database Coverage
The built-in database covers frequently exploited packages including:
... continues with setup instructions, usage examples, and more.