13 May 2019

CVE Scan for Pip Requirements file

by iammyr

I have contributed to the open source project cve-search by adding a feature that scans a pip requirements file for CVEs (it leverages the requirements-parser tool to read the file).

How to use it

  1. Install MongoDB. You might also need to add require 'rubygems' to the Homebrew formula, which on a Mac (using brew) should be /usr/local/Homebrew/Library/Taps/mongodb/homebrew-brew/Formula/mongodb-community.rb
  2. Start MongoDB with brew services start mongodb-community@4.0
  3. Download cve-search: git clone git@github.com:cve-search/cve-search.git
  4. Install its dependencies (better inside a virtualenv, but it's up to you): pip install -r requirements.txt
  5. Run ./bin/search.py -q <path to the pip requirements file to scan>

Note that the search only returns matches once cve-search's MongoDB database has been populated with the import scripts under sbin (see the project README); against an empty database every package looks clean.
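To show what such a scan has to deal with, here is an added, self-contained illustration; it is not cve-search's code and does not use its MongoDB collection or the requirements-parser package. It replaces both with a small regex parser and an inline advisory table (package names, "first fixed" versions and advisory ids are all constructed for the demo, not real CVEs). Two points it makes that the one-line usage above does not: only an exact pin (==) identifies a single release that can be matched, so ranges and bare names are reported as "unpinned" rather than silently passed; and version comparison must be numeric, because a string compare puts 2.10.1 before 2.9 and would produce a false positive.

```python
"""Scan a pip requirements file against a small advisory table.

Added example, not cve-search's own implementation. The requirements
text, the advisory table and the advisory ids are constructed for the
demo. Stdlib only, so it runs offline.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample standing in for a project's requirements.txt.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project's requirements file
Django==2.1.9
requests>=2.20,<3
PyYAML==3.13  ; python_version >= "3.6"
flask
Jinja2==2.10.1
-r base.txt
"""

# Constructed table: normalized package -> [(first_fixed_version, advisory_id)].
# A pinned version below first_fixed_version is reported. Ids are placeholders.
FAKE_ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "django": [("2.1.10", "EXAMPLE-1")],
    "pyyaml": [("5.1", "EXAMPLE-2")],
    "jinja2": [("2.9", "EXAMPLE-3")],
    "flask": [("1.0", "EXAMPLE-4")],
}

_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")
_SPEC_RE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([^\s,]+)")


def parse_requirements(text: str) -> List[Tuple[str, List[Tuple[str, str]]]]:
    """Minimal stand-in for requirements-parser: returns (name, [(op, version)]).

    Drops comments, blank lines, extras and environment markers, and skips
    pip option lines such as '-r other.txt' or '-e .'.
    """
    reqs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        line = line.split(";", 1)[0].strip()  # drop environment marker
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, _extras, spec_text = m.groups()
        specs = [(op, ver) for op, ver in _SPEC_RE.findall(spec_text)]
        reqs.append((name, specs))
    return reqs


def normalize(name: str) -> str:
    """PEP 503 style name normalization so 'PyYAML' hits the 'pyyaml' entry."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric key so 2.10.1 sorts after 2.9 (a string compare gets this wrong).

    Not full PEP 440: pre-release and local tags are ignored.
    """
    return tuple(int(x) for x in re.findall(r"\d+", version))


def scan(text: str, advisories: Dict[str, List[Tuple[str, str]]]) -> List[dict]:
    """Return one record per requirement: status is ok, unpinned or vulnerable."""
    findings = []
    for name, specs in parse_requirements(text):
        pinned: List[str] = [ver for op, ver in specs if op == "=="]
        version: Optional[str] = pinned[0] if pinned else None
        entry = {"name": name, "version": version, "status": "ok", "advisories": []}
        if version is None:
            # A range or bare name is not one release; the lookup would have to
            # be repeated per candidate version, or run against `pip freeze` output.
            entry["status"] = "unpinned"
        else:
            for fixed, adv_id in advisories.get(normalize(name), []):
                if version_key(version) < version_key(fixed):
                    entry["advisories"].append(adv_id)
            if entry["advisories"]:
                entry["status"] = "vulnerable"
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for rec in scan(SAMPLE_REQUIREMENTS, FAKE_ADVISORIES):
        print(f'{rec["name"]:<10} {rec["version"] or "-":<8} {rec["status"]:<10} '
              f'{", ".join(rec["advisories"])}')
```

Running it reports Django and PyYAML as vulnerable, Jinja2 as ok (2.10.1 is above the constructed fix version 2.9), and requests and flask as unpinned even though flask has a table entry: without a concrete version there is nothing to compare, and a scanner that treats such lines as clean hides exactly the dependencies most likely to drift.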
tags: open-source, 3rd-vulnerabilities, cve