Python
Python package analysis and vulnerability scanning capabilities
Package analysis
| Cataloger + Evidence | License | Dependencies: Depth | Dependencies: Edges | Dependencies: Kinds | Package Manager Claims: Files | Package Manager Claims: Digests | Package Manager Claims: Integrity Hash |
|---|---|---|---|---|---|---|---|
| python-installed-package-cataloger: `*.egg-info`, `*dist-info/METADATA`, `*egg-info/PKG-INFO`, `*DIST-INFO/METADATA`, `*EGG-INFO/PKG-INFO` | | direct | complete | runtime | | | |
| python-package-cataloger: `uv.lock` | | transitive | complete | dev, optional | | | |
| python-package-cataloger: `setup.py` | | direct | | | | | |
| python-package-cataloger: `Pipfile.lock` | | transitive | | runtime | | | |
| python-package-cataloger: `poetry.lock` | | transitive | complete | dev, optional | | | |
| python-package-cataloger: `*requirements*.txt` | | | | | | | |
Syft Configuration
| Configuration Key | Description |
|---|---|
| `python.guess-unpinned-requirements` | Attempts to infer package versions from version constraints when no explicit version is pinned in requirements files. |
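The following is an added example, not Syft's own code: a small model of what a requirements-file cataloger can and cannot claim about versions, and how a "guess unpinned requirements" option changes the output. The guessing rule used here (take the version from the first `==`, `>=` or `~=` clause, treating a wildcard pin such as `==41.*` as unpinned) is an assumption for illustration; Syft's actual heuristic may differ in detail. The sample `requirements.txt` content is constructed.

```python
"""
Added example (not Syft's code): model a requirements.txt cataloger with and
without version guessing. Assumption: the guess rule is a lower-bound
heuristic, not necessarily the rule Syft applies.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# name, optional extras, remainder (specifier set or direct reference)
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*?)\s*$")
_PIN_RE = re.compile(r"^===?\s*([0-9][0-9A-Za-z.+!-]*)$")               # ==1.2.3 (no wildcard)
_GUESS_RE = re.compile(r"^(>=|~=|==)\s*([0-9][0-9A-Za-z.+!-]*)(\.\*)?$")  # lower bound / wildcard


@dataclass
class PythonPackage:
    name: str
    version: Optional[str]   # None: the file makes no usable version claim
    guessed: bool = False    # True: version inferred from a constraint, not a pin


def _normalize(name: str) -> str:
    # PEP 503 normalisation so "PyYAML" and "pyyaml" match the same advisories
    return re.sub(r"[-_.]+", "-", name).lower()


def _clauses(spec: str) -> List[str]:
    return [c.strip() for c in spec.split(",") if c.strip()]


def _exact_pin(spec: str) -> Optional[str]:
    clauses = _clauses(spec)
    if len(clauses) != 1:
        return None
    m = _PIN_RE.match(clauses[0])
    return m.group(1) if m else None


def _guess_version(spec: str) -> Optional[str]:
    # assumption: first lower-bound-like clause wins; "<", "!=" alone give nothing
    for clause in _clauses(spec):
        m = _GUESS_RE.match(clause)
        if m:
            return m.group(2)
    return None


def catalog_requirements(text: str, guess_unpinned: bool = False) -> List[PythonPackage]:
    pkgs: List[PythonPackage] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("-"):
            continue                                  # -r, -e, --index-url ... are not packages
        line = line.split(";", 1)[0].strip()          # drop environment markers
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, _extras, spec = m.groups()
        name = _normalize(name)
        if "@" in spec:                               # direct reference (git+https://..., file:...)
            pkgs.append(PythonPackage(name, None))
            continue
        pinned = _exact_pin(spec)
        if pinned:
            pkgs.append(PythonPackage(name, pinned))
        elif guess_unpinned:
            v = _guess_version(spec)
            pkgs.append(PythonPackage(name, v, guessed=v is not None))
        else:
            pkgs.append(PythonPackage(name, None))
    return pkgs


def scan_ready(pkgs: List[PythonPackage]) -> List[str]:
    """Names a vulnerability matcher could actually version-match."""
    return [p.name for p in pkgs if p.version is not None]


# constructed sample requirements.txt
SAMPLE = """
-r base.txt
requests==2.31.0
Django>=4.2,<5.0            # unpinned range
PyYAML~=6.0
cryptography==41.*          # wildcard, not an exact pin
urllib3<2 ; python_version < "3.8"
mypkg @ git+https://example.invalid/mypkg.git
"""

if __name__ == "__main__":
    for guess in (False, True):
        print(f"guess-unpinned-requirements={guess}")
        for p in catalog_requirements(SAMPLE, guess_unpinned=guess):
            print(f"  {p.name:<13} {p.version!s:<8} guessed={p.guessed}")
```

With guessing off, only `requests` carries a version and the other five entries cannot be matched against advisory version ranges at all; with guessing on, `django`, `pyyaml` and `cryptography` receive the lowest version their constraint permits. A guessed version is a lower bound, not what is installed: a later, fixed release may be what actually resolves, so matches on guessed versions should be treated as leads to confirm against a lockfile or the installed environment (the `python-installed-package-cataloger` row above) rather than as findings. The option is set in Syft's configuration file as `python: guess-unpinned-requirements: true`, following the dotted key in the table.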
Vulnerability scanning
| Data Source | Disclosures: Affected | Disclosures: Date | Fixes: Versions | Fixes: Date | Track by Source Package |
|---|---|---|---|---|---|
| GitHub Security Advisories (GHSA) | | | | | |
| National Vulnerability Database (NVD) | | | | | |
Grype Configuration
| Configuration Key | Description |
|---|---|
| `match.python.using-cpes` | Use CPE package identifiers to find vulnerabilities. |