Poetry: Check for security vulnerabilities

Created on 28 Mar 2019  Â·  3Comments  Â·  Source: python-poetry/poetry

  • [x] I have searched the issues of this repo and believe that this is not a duplicate.
  • [x] I have searched the documentation and believe that my question is not covered.

Feature Request

pipenv check scans for known security vulnerabilities in the dependancies. Poetry check does not seem to do that. Poetry should have a way to check for known security vulnerabilities.

picture Euphorbium
👍5 👎3 👀1

Most helpful comment

https://github.com/pyupio/safety completely solves my needs. No need to do this in poetry.

picture Euphorbium on 29 Mar 2019
👍4

All 3 comments

It’s a great idea for you to check for security vulnerabilities!

It’s out of scope though.

It’s not great for Poetry to assume what tool you want to use or your threshold for “OK.” There’s an argument to be made that building that in like that, without the user thinking about it, can provide a _false_ sense of security since it is only one kind of check.

hangtwenty picture hangtwenty on 28 Mar 2019

@Euphorbium you may be interested to join the discussion of ways to streamline dev tasks with Poetry; security linting for dependencies would be an example of a great task to have examples for.

https://github.com/sdispater/poetry/issues/241

hangtwenty picture hangtwenty on 28 Mar 2019

https://github.com/pyupio/safety completely solves my needs. No need to do this in poetry.

Euphorbium picture Euphorbium on 29 Mar 2019
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ambv picture ambv  Â·  3Comments
ulope picture ulope  Â·  3Comments
mozartilize picture mozartilize  Â·  3Comments
gazpachoking picture gazpachoking  Â·  3Comments
jhrmnn picture jhrmnn  Â·  3Comments