
What vulnerability scanning tools are there? Recommended web vulnerability scanners

About pip-audit

pip-audit is a security vulnerability scanning tool for Python environments. It helps researchers scan Python packages for known security vulnerabilities, using the Python Packaging Advisory Database (queried through the PyPI JSON API) as its source of vulnerability reports.

Features

1. Audits the local environment as well as dependency lists (requirements-style files);
2. Supports multiple vulnerability services (PyPI, OSV);
3. Emits an SBOM in CycloneDX XML or JSON format;
4. Provides both human- and machine-readable output formats (columnar, JSON);
5. Seamlessly reuses the local pip cache.

Installation

pip-audit is written in Python and requires Python 3.7 or newer. Once the Python environment is set up, install pip-audit with pip:

python -m pip install pip-audit

Third-party packages

pip-audit depends on several third-party packages; their names and versions are shown in the figure below:



Alternatively, pip-audit can be installed through conda:

conda install -c conda-forge pip-audit
Usage

pip-audit can be run directly as a standalone program, or via "python -m":

pip-audit --help
python -m pip_audit --help

usage: pip-audit [-h] [-V] [-l] [-r REQUIREMENTS] [-f FORMAT] [-s SERVICE]
                 [-d] [-S] [--desc [{on,off,auto}]] [--cache-dir CACHE_DIR]
                 [--progress-spinner {on,off}] [--timeout TIMEOUT]
                 [--path PATHS] [-v] [--fix] [--require-hashes]

audit the Python environment for dependencies with known vulnerabilities

optional arguments:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit
  -l, --local           show only results for dependencies in the local
                        environment (default: False)
  -r REQUIREMENTS, --requirement REQUIREMENTS
                        audit the given requirements file; this option can be
                        used multiple times (default: None)
  -f FORMAT, --format FORMAT
                        the format to emit audit results in (choices: columns,
                        json, cyclonedx-json, cyclonedx-xml) (default:
                        columns)
  -s SERVICE, --vulnerability-service SERVICE
                        the vulnerability service to audit dependencies
                        against (choices: osv, pypi) (default: pypi)
  -d, --dry-run         without `--fix`: collect all dependencies but do not
                        perform the auditing step; with `--fix`: perform the
                        auditing step but do not perform any fixes (default:
                        False)
  -S, --strict          fail the entire audit if dependency collection fails
                        on any dependency (default: False)
  --desc [{on,off,auto}]
                        include a description for each vulnerability; `auto`
                        defaults to `on` for the `json` format. This flag has
                        no effect on the `cyclonedx-json` or `cyclonedx-xml`
                        formats. (default: auto)
  --cache-dir CACHE_DIR
                        the directory to use as an HTTP cache for PyPI; uses
                        the `pip` HTTP cache by default (default: None)
  --progress-spinner {on,off}
                        display a progress spinner (default: on)
  --timeout TIMEOUT     set the socket timeout (default: 15)
  --path PATHS          restrict to the specified installation path for
                        auditing packages; this option can be used multiple
                        times (default: [])
  -v, --verbose         give more output; this setting overrides the
                        `PIP_AUDIT_LOGLEVEL` variable and is equivalent to
                        setting it to `debug` (default: False)
  --fix                 automatically upgrade dependencies with known
                        vulnerabilities (default: False)
  --require-hashes      require a hash to check each requirement against, for
                        repeatable audits; this option is implied when any
                        package in a requirements file has a `--hash` option.
                        (default: False)

Exit codes

When the audit finishes, pip-audit exits with a code that reports its result:
0: no known vulnerabilities were detected;
1: one or more known vulnerabilities were detected.

Usage example

Audit the dependencies in the current Python environment:
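As an added example that is not part of the original article or of the pip-audit project, the script below shows how the exit-code convention and the `-f json` output format described above fit into a CI gate: it runs `python -m pip_audit -f json` (optionally with `-r` for a requirements file), flattens the report, drops vulnerability IDs that the team has explicitly accepted, and reproduces the 0/1 exit status on what remains. The report shape it assumes (a top-level `dependencies` list whose entries carry `name`, `version` and a `vulns` list, each vuln with an `id`, a `fix_versions` list and, with `--desc on`, a `description`) is an assumption that should be checked against the pip-audit version you run; the embedded sample report is constructed and contains no real findings.

```python
"""CI gate over pip-audit JSON output (added example, not pip-audit code).

Assumed report shape (verify against your pip-audit version):
  {"dependencies": [{"name": ..., "version": ..., "vulns": [
       {"id": ..., "fix_versions": [...], "description": ...}]}]}
"""
import json
import subprocess
import sys

# Constructed sample that mimics `pip-audit -f json` output. The package
# names and PYSEC ids are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"name": "requests", "version": "2.25.0", "vulns": []},
        {"name": "examplepkg", "version": "1.0.0", "vulns": [
            {"id": "PYSEC-0000-EXAMPLE", "fix_versions": ["1.0.1"],
             "description": "constructed placeholder finding"}]},
        {"name": "legacylib", "version": "0.9.0", "vulns": [
            {"id": "PYSEC-0000-NOFIX", "fix_versions": [],
             "description": "constructed finding with no fixed release"}]},
    ],
})


def run_pip_audit(requirements=None):
    """Run pip-audit with JSON output; return (exit_code, stdout_text).

    Exit code 0 means no known vulnerabilities and 1 means one or more,
    as the article states; the JSON report is on stdout in both cases.
    """
    cmd = [sys.executable, "-m", "pip_audit", "-f", "json",
           "--progress-spinner", "off"]
    if requirements:
        cmd += ["-r", requirements]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.returncode, proc.stdout


def findings(report_text, ignore_ids=()):
    """Flatten the report into (package, version, vuln_id, fix_versions)
    tuples, skipping vulnerability ids on the accepted-risk list.
    Dependency entries without a "vulns" list (e.g. skipped packages)
    contribute nothing."""
    report = json.loads(report_text)
    ignored = set(ignore_ids)
    out = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            if vuln["id"] in ignored:
                continue
            out.append((dep["name"], dep["version"], vuln["id"],
                        list(vuln.get("fix_versions", []))))
    return out


def gate_exit_code(report_text, ignore_ids=()):
    """Same convention as pip-audit: 0 if nothing remains after the
    accepted-risk list is applied, 1 otherwise."""
    return 1 if findings(report_text, ignore_ids) else 0


def summarize(report_text, ignore_ids=()):
    """One human-readable line per remaining finding, noting whether a
    fixed release exists (the first entry of fix_versions) or not."""
    lines = []
    for name, version, vuln_id, fixes in findings(report_text, ignore_ids):
        fix = f"upgrade to {fixes[0]}" if fixes else "no fixed release yet"
        lines.append(f"{name}=={version}: {vuln_id} ({fix})")
    return lines


if __name__ == "__main__":
    # Usage: python gate.py [requirements.txt]
    # Falls back to the constructed sample when pip-audit is not installed.
    code, raw = run_pip_audit(sys.argv[1] if len(sys.argv) > 1 else None)
    if not raw.strip():
        print("pip-audit produced no report; using constructed sample")
        raw = SAMPLE_REPORT
    accepted = ["PYSEC-0000-EXAMPLE"]  # constructed accepted-risk list
    for line in summarize(raw, accepted):
        print(line)
    sys.exit(gate_exit_code(raw, accepted))
```

Keeping the accepted-risk list in version control beside the requirements file makes each suppression reviewable, and a finding with an empty `fix_versions` still fails the gate, which is the prompt to pin, replace or isolate the package rather than wait for an upstream release.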
