on any dependency (default: False)
--desc [{on,off,auto}]
include a description for each vulnerability; `auto`
defaults to `on` for the `json` format. This flag has
no effect on the `cyclonedx-json` or `cyclonedx-xml`
formats. (default: auto)
--cache-dir CACHE_DIR
the directory to use as an HTTP cache for PyPI; uses
the `pip` HTTP cache by default (default: None)
--progress-spinner {on,off}
display a progress spinner (default: on)
--timeout TIMEOUT set the socket timeout (default: 15)
--path PATHS restrict to the specified installation path for
auditing packages; this option can be used multiple
times (default: [])
-v, --verbose give more output; this setting overrides the
`PIP_AUDIT_LOGLEVEL` variable and is equivalent to
setting it to `debug` (default: False)
--fix automatically upgrade dependencies with known
vulnerabilities (default: False)
--require-hashes require a hash to check each requirement against for
repeatable audits; this option is implied when any
package in a requirements file has a `--hash` option.
(default: False)
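Exit codes
When its task completes, pip-audit exits and returns a code indicating its status:
0: no known vulnerabilities were detected;
1: one or more known vulnerabilities were detected.
Usage examples
Audit the dependencies of the current Python environment: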
$ pip-audit
No known vulnerabilities found
Audit the dependencies of a given requirements file:
$ pip-audit -r ./requirements.txt
No known vulnerabilities found
Audit a requirements file and exclude system packages:
$ pip-audit -r ./requirements.txt -l
No known vulnerabilities found
Audit dependencies when known vulnerabilities are found:
$ pip-audit
Found 2 known vulnerabilities in 1 package
Name  Version ID             Fix Versions
----  ------- -------------- ------------
Flask 0.5     PYSEC-2019-179 1.0
Flask 0.5     PYSEC-2018-66  0.12.3
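The four-column report above can be parsed to decide which release clears every finding for a package. This is an added example, not code from pip-audit or from the original article; it goes beyond the single Flask case to handle findings with no fix. The names `parse_report`, `upgrade_plan` and `vkey` are hypothetical, and it assumes comma-separated fix versions, plain dotted numeric version strings, and that a release newer than a listed fix version also carries that fix.

```python
import re

# Constructed sample: the four-column report shown above.
SAMPLE = """\
Found 2 known vulnerabilities in 1 package
Name  Version ID             Fix Versions
----  ------- -------------- ------------
Flask 0.5     PYSEC-2019-179 1.0
Flask 0.5     PYSEC-2018-66  0.12.3
"""

def vkey(version):
    # Simplification: plain dotted numeric versions only, not full PEP 440.
    return tuple(int(part) for part in version.split("."))

def parse_report(text):
    """Return (count declared in the summary line, list of finding dicts)."""
    summary = re.search(r"Found (\d+) known vulnerabilit", text)
    declared = int(summary.group(1)) if summary else 0
    rows, in_table = [], False
    for line in text.splitlines():
        if line.startswith("----"):      # dashed rule: data rows follow
            in_table = True
            continue
        parts = line.split(None, 3)
        if not in_table or len(parts) < 3:
            continue
        # Assumption: several fix versions are comma-separated; the column
        # is empty when no fixed release exists.
        fixes = [f.strip() for f in parts[3].split(",")] if len(parts) > 3 else []
        rows.append({"name": parts[0], "version": parts[1],
                     "id": parts[2], "fixes": fixes})
    return declared, rows

def upgrade_plan(rows):
    """Map package -> lowest release clearing every finding, or None if one has no fix.

    Assumption: a release newer than a listed fix version also carries that fix.
    """
    plan = {}
    for row in rows:
        newer = [f for f in row["fixes"] if vkey(f) > vkey(row["version"])]
        target = min(newer, key=vkey) if newer else None
        if row["name"] not in plan:
            plan[row["name"]] = target
        elif plan[row["name"]] is None or target is None:
            plan[row["name"]] = None
        else:
            plan[row["name"]] = max(plan[row["name"]], target, key=vkey)
    return plan

if __name__ == "__main__":
    declared, rows = parse_report(SAMPLE)
    assert declared == len(rows), "report truncated or format changed"
    print(upgrade_plan(rows))
```

Comparing the count in the summary line with the number of parsed rows catches truncated output before the plan is trusted.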
Audit dependencies, including a description for each vulnerability:
$ pip-audit --desc
Found 2 known vulnerabilities in 1 package
Name Version ID Fix Versions Description