vulnerabilities

Module to manage vulnerabilities

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

vulnerabilities - framework to manipulate vulnerabilities

The vulnerabilities module provides functions to manipulate security reports from various different tools.

Installation

Module vulnerabilities can be installed from PyPI using pip

pip install vulnerabilities

Download

vulnerabilities is available on PyPI https://pypi.org/project/vulnerabilities/

The documentation is hosted at: https://vulnerabilities.readthedocs.io/en/stable/

Code

The code and issue tracker are hosted on GitHub: https://github.com/damiencarol/vulnerabilities/

Features

Load reports from different tools - Anchore Grype - Bandit (https://github.com/PyCQA/bandit) - CycloneDX (https://cyclonedx.org/) - SARIF (https://www.oasis-open.org/committees/sarif/)

Quick example

Here’s a snapshot, just to give an idea about the power of the package. For more examples, look at the documentation.

Suppose you want to read data from Bandit in pandas. here is the code:

>>> from vulnerabilities.tools.bandit.parser import BanditParser
>>> findings = BanditParser().get_findings(open("tests/scans/bandit/report1.json"), None)
>>> import pandas as pd
>>> df = pd.DataFrame.from_dict(findings)
>>> df.loc[:,['title','severity','file_path','line']]
                                               title severity                  file_path  line
0  Using xml.sax to parse untrusted XML data is k...      Low  scripts/bandit/payload.py     1
1  Use of insecure MD2, MD4, MD5, or SHA1 hash fu...   Medium  scripts/bandit/payload.py     5
2  Use of insecure MD2, MD4, MD5, or SHA1 hash fu...   Medium  scripts/bandit/payload.py     9
3  Use of assert detected. The enclosed code will...      Low  scripts/bandit/payload.py    13

All parsers will produce the same data structure with the same attributes.

Contributing

We welcome many types of contributions - bug reports, pull requests (code, infrastructure or documentation fixes). For more information about how to contribute to the project, see the CONTRIBUTING.md file in the repository.

Author

The vulnerabilities module was written by Damien Carol <damien.carol@gmail.com> in 2021.

It is maintained by:

Damien Carol <damien.carol@gmail.com> 2021-

License

All contributions released under the BSD 3-Clause License.

Project details

These details have not been verified by PyPI

Project links

Homepage

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.0.5

May 4, 2022

0.0.4

Dec 22, 2021

0.0.2

Apr 14, 2021

0.0.2.dev0 pre-release

Apr 8, 2021

0.0.1

Apr 8, 2021

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vulnerabilities-0.0.5.tar.gz (430.7 kB view hashes)

Uploaded May 4, 2022 Source

Built Distribution

vulnerabilities-0.0.5-py2.py3-none-any.whl (11.1 kB view hashes)

Uploaded May 4, 2022 Python 2 Python 3

Hashes for vulnerabilities-0.0.5.tar.gz

Hashes for vulnerabilities-0.0.5.tar.gz
Algorithm	Hash digest
SHA256	`d900f56517b4f4cb8d22012a95b03c864e28c6bf8d3b352846bb4eca7f22fcf5`
MD5	`6ed38bc9004cdaf0e2d537378bd84594`
BLAKE2b-256	`c240d8ac2e48bdd4b6c6173bf431d69dfd64950fde679c367dbf0835b3bc9489`

Hashes for vulnerabilities-0.0.5-py2.py3-none-any.whl

Hashes for vulnerabilities-0.0.5-py2.py3-none-any.whl
Algorithm	Hash digest
SHA256	`417c181d9100e050140e39db7ee376054258a1f565345385ce3891d7735cb7ce`
MD5	`4e33e90aada23f1f3866e53fba2bb376`
BLAKE2b-256	`4d84b02d9c845365bc5f21c406100d24f4a6de7f644215177bca99d01ca3336f`