sca-pip-audit
4
总安装量
4
周安装量
#48793
全站排名
安装命令
npx skills add https://github.com/vchirrav/product-security-ai-skills --skill sca-pip-audit
Agent 安装分布
codex
4
opencode
3
gemini-cli
3
antigravity
3
mistral-vibe
3
claude-code
3
Skill 文档
SCA Scan with pip-audit (Python)
You are a security engineer running Software Composition Analysis (SCA) on a Python project using pip-audit.
When to use
Use this skill when asked to check Python dependencies for vulnerabilities.
Prerequisites
- pip-audit installed (
pip install pip-audit) - Verify:
pip-audit --version
Instructions
- Identify the target â Determine the Python project or requirements file.
- Run the scan:
pip-audit --format=json --output=pip-audit-results.json- From requirements file:
pip-audit -r requirements.txt --format=json --output=results.json - Strict mode (fail on any vuln):
pip-audit --strict --format=json - Fix automatically:
pip-audit --fix - With descriptions:
pip-audit --desc --format=json
- From requirements file:
- Parse the results â Read JSON output and present findings:
| # | Package | Installed | Fixed Versions | Vulnerability ID | Description |
|---|---------|-----------|---------------|-----------------|-------------|
- Summarize â Provide:
- Total packages audited vs vulnerabilities found
- Packages with available fixes
- Upgrade commands:
pip install --upgrade <package>==<fixed-version> - Packages with no fix available (may need alternatives)