Skip to content

Latest commit

 

History

History
17 lines (13 loc) · 813 Bytes

python_osv.md

File metadata and controls

17 lines (13 loc) · 813 Bytes

Python OSV Scanner

Finds vulnerable dependencies in a Python project. By default, PythonOSV Scanner pulls advisory information from OSV - Database for open source vulnerabilities to compare against the dependencies found in requirements.txt.

Configuration

When a CVE is present in a dependency, the best course of action is to upgrade the dependency to a patched version. However, if there is currently no patch available or its a false positive you can use the following configuration option to ignore a particular CVE.

scanner_configs:
  PythonOSV:
    exceptions:
      - advisory_id: CVE-2020-26945
        changed_by: security-team
        notes: Currently no patch exists and determined that this vulnerability is not exploitable.
        expiration: "2022-12-31"