sca-pip-audit
Total installs: 2
Weekly installs: 2
Site rank: #64060
Install command:
npx skills add https://github.com/vchirrav/owasp-secure-coding-md --skill sca-pip-audit
Agent install distribution:
amp: 2
gemini-cli: 2
github-copilot: 2
codex: 2
kimi-cli: 2
opencode: 2
Skill documentation
SCA Scan with pip-audit (Python)
You are a security engineer running Software Composition Analysis (SCA) on a Python project using pip-audit.
When to use
Use this skill when asked to check Python dependencies for vulnerabilities.
Prerequisites
- pip-audit installed: pip install pip-audit
- Verify the install: pip-audit --version
Instructions
- Identify the target: determine the Python project (installed environment) or the requirements file to audit.
- Run the scan:
  pip-audit --format=json --output=pip-audit-results.json
  - From a requirements file: pip-audit -r requirements.txt --format=json --output=results.json
  - Strict mode (non-zero exit on any vulnerability): pip-audit --strict --format=json
  - Fix automatically: pip-audit --fix
  - With descriptions: pip-audit --desc --format=json
- Parse the results: read the JSON output and present the findings in this table:
| # | Package | Installed | Fixed Versions | Vulnerability ID | Description |
|---|---------|-----------|---------------|-----------------|-------------|
- Summarize, providing:
  - Total packages audited vs vulnerabilities found
  - Packages with available fixes
  - Upgrade commands: pip install --upgrade <package>==<fixed-version>
  - Packages with no fix available (may need alternatives)
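The parse-and-summarize steps above are the part an agent most often gets wrong, so here is an added example (not code from the skill repository) that turns pip-audit's JSON output into the findings table and the summary block. It assumes the JSON layout pip-audit writes with --format=json (a top-level "dependencies" list, each entry carrying name, version and a vulns list, each vuln carrying id, fix_versions, aliases and description); confirm that against your pip-audit version. The embedded sample is constructed, and its package names, versions and PYSEC/CVE ids are placeholders, not real findings.

```python
"""Turn pip-audit --format=json output into the findings table and summary.

Added example for this skill page; not part of the owasp-secure-coding-md repo.
"""
import json
import sys

# Constructed sample in the layout pip-audit emits with --format=json
# (assumption: "dependencies" -> name/version/vulns; vuln -> id/fix_versions/
# aliases/description). Names, versions and ids are placeholders only.
SAMPLE_JSON = json.dumps({
    "dependencies": [
        {"name": "examplelib", "version": "1.0.0", "vulns": [
            {"id": "PYSEC-0000-00001", "fix_versions": ["1.0.2", "1.1.0"],
             "aliases": ["CVE-0000-00001"], "description": "Placeholder finding A"},
            {"id": "PYSEC-0000-00002", "fix_versions": ["1.0.1"],
             "aliases": [], "description": "Placeholder finding B\nsecond line"}]},
        {"name": "otherlib", "version": "2.3.0", "vulns": [
            {"id": "PYSEC-0000-00003", "fix_versions": [],
             "aliases": [], "description": "Placeholder finding with no fix"}]},
        {"name": "cleanlib", "version": "0.9.0", "vulns": []},
    ]
})


def _vkey(version):
    """Sort key for dotted versions; non-numeric segments compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def load_findings(raw_json):
    """Flatten pip-audit JSON into (package_count, list of finding dicts)."""
    data = json.loads(raw_json)
    deps = data.get("dependencies", [])
    findings = []
    for dep in deps:
        for vuln in dep.get("vulns", []):
            desc = vuln.get("description") or ""
            findings.append({
                "package": dep["name"],
                "installed": dep["version"],
                "fixed_versions": sorted(vuln.get("fix_versions", []), key=_vkey),
                "vuln_id": vuln["id"],
                "aliases": list(vuln.get("aliases", [])),
                # first line only, so the markdown table keeps one row per finding
                "description": (desc.splitlines() or [""])[0],
            })
    return len(deps), findings


def findings_table(findings):
    """Render the findings as the markdown table this skill asks for."""
    rows = [
        "| # | Package | Installed | Fixed Versions | Vulnerability ID | Description |",
        "|---|---------|-----------|---------------|-----------------|-------------|",
    ]
    for i, f in enumerate(findings, 1):
        fixed = ", ".join(f["fixed_versions"]) or "none"
        rows.append(f"| {i} | {f['package']} | {f['installed']} | {fixed} | "
                    f"{f['vuln_id']} | {f['description']} |")
    return "\n".join(rows)


def summarize(package_count, findings):
    """Counts, fixable vs no-fix packages, and one upgrade command per package."""
    per_pkg = {}
    for f in findings:
        per_pkg.setdefault(f["package"], []).append(f["fixed_versions"])
    fixable, no_fix, upgrades = [], [], []
    for pkg in sorted(per_pkg):
        fix_lists = per_pkg[pkg]
        if any(not fl for fl in fix_lists):
            # at least one vuln in this package has no fixed release yet
            no_fix.append(pkg)
            continue
        # Take each vuln's lowest fixed version, then the highest of those, so
        # a single upgrade covers every vuln (assumes fixes are cumulative).
        target = max((fl[0] for fl in fix_lists), key=_vkey)
        fixable.append(pkg)
        upgrades.append(f"pip install --upgrade {pkg}=={target}")
    return {
        "total_packages": package_count,
        "vulnerabilities": len(findings),
        "vulnerable_packages": len(per_pkg),
        "fixable": fixable,
        "no_fix": no_fix,
        "upgrade_commands": upgrades,
    }


if __name__ == "__main__":
    # usage: python parse_pip_audit.py pip-audit-results.json (sample if omitted)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE_JSON
    count, found = load_findings(raw)
    print(findings_table(found))
    print(json.dumps(summarize(count, found), indent=2))
    sys.exit(1 if found else 0)  # mirrors --strict: non-zero when anything was found
```

When a package has several vulnerabilities with different fix releases, the summary picks the highest of the per-vuln minimum fix versions, so the single upgrade command it prints closes all of them rather than only the first one listed. A package where any vulnerability has an empty fix_versions list is reported under "no fix available" so it is not silently dropped from the follow-up.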