
Basic audit command

Open cnpryer opened this issue 2 years ago • 3 comments

huak audit

Run huak audit to scan for packages in your project's virtual environment with known vulnerabilities.

cnpryer Sep 01 '22 23:09

What should be used for the auditing? I guess there should be an offline DB if the tool should run offline, and if it can connect to the internet, it could update the internal DB.

ObiWanRohan Sep 16 '22 16:09

Could either work on something ourselves or rely on another project for security vuln db searches. I've got some non-huak work for a bit then I can get back to this to provide more info.

Definitely open to ideas as well!

cnpryer Sep 16 '22 16:09

If you're looking for something less vague to just get your feet wet https://github.com/users/cnpryer/projects/5 is a good one. I'm thinking we can lean on an existing project and then evaluate Rust rewrites if there are any. Would be cool to have huak doc generate documentation from the project's docstrings.

cnpryer Sep 16 '22 18:09