Recommended vulnerability scanning tools: what vulnerability scanners are there

About pip-audit

pip-audit is a security vulnerability scanner for Python environments that lets developers and researchers scan and test Python packages for known vulnerabilities. It uses the Python Packaging Advisory Database, reached through the PyPI JSON API, as its source of vulnerability reports.
Features

1. Audits the local environment or a set of dependencies (requirements-style files);
2. Supports multiple vulnerability services (PyPI, OSV);
3. Emits an SBOM in CycloneDX XML or CycloneDX JSON format;
4. Provides human-readable and machine-readable output formats (columnar, JSON);
5. Seamlessly reuses the local pip HTTP cache.
Installation

pip-audit is written in Python and requires Python 3.7 or newer in the local environment. Once Python is installed and configured, install pip-audit through pip with the following command:

python -m pip install pip-audit

Third-party packages

pip-audit depends on several third-party packages at runtime; pip resolves and installs them automatically alongside pip-audit.

Alternatively, pip-audit can be installed through conda:

conda install -c conda-forge pip-audit
Usage

pip-audit can be run directly as a standalone program, or through "python -m":

pip-audit --help
python -m pip_audit --help

usage: pip-audit [-h] [-V] [-l] [-r REQUIREMENTS] [-f FORMAT] [-s SERVICE]
                 [-d] [-S] [--desc [{on,off,auto}]] [--cache-dir CACHE_DIR]
                 [--progress-spinner {on,off}] [--timeout TIMEOUT]
                 [--path PATHS] [-v] [--fix] [--require-hashes]

audit the Python environment for dependencies with known vulnerabilities

optional arguments:
  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit
  -l, --local           show only results for dependencies in the local
                        environment (default: False)
  -r REQUIREMENTS, --requirement REQUIREMENTS
                        audit the given requirements file; this option can be
                        used multiple times (default: None)
  -f FORMAT, --format FORMAT
                        the format to emit audit results in (choices: columns,
                        json, cyclonedx-json, cyclonedx-xml) (default:
                        columns)
  -s SERVICE, --vulnerability-service SERVICE
                        the vulnerability service to audit dependencies
                        against (choices: osv, pypi) (default: pypi)
  -d, --dry-run         without `--fix`: collect all dependencies but do not
                        perform the auditing step; with `--fix`: perform the
                        auditing step but do not perform any fixes (default:
                        False)
  -S, --strict          fail the entire audit if dependency collection fails
                        on any dependency (default: False)
  --desc [{on,off,auto}]
                        include a description for each vulnerability; `auto`
                        defaults to `on` for the `json` format. This flag has
                        no effect on the `cyclonedx-json` or `cyclonedx-xml`
                        formats. (default: auto)
  --cache-dir CACHE_DIR
                        the directory to use as an HTTP cache for PyPI; uses
                        the `pip` HTTP cache by default (default: None)
  --progress-spinner {on,off}
                        display a progress spinner (default: on)
  --timeout TIMEOUT     set the socket timeout (default: 15)
  --path PATHS          restrict to the specified installation path for
                        auditing packages; this option can be used multiple
                        times (default: [])
  -v, --verbose         give more output; this setting overrides the
                        `PIP_AUDIT_LOGLEVEL` variable and is equivalent to
                        setting it to `debug` (default: False)
  --fix                 automatically upgrade dependencies with known
                        vulnerabilities (default: False)
  --require-hashes      require a hash to check each requirement against, for
                        repeatable audits; this option is implied when any
                        package in a requirements file has a `--hash` option.
                        (default: False)

Exit codes
When the audit finishes, pip-audit exits with a code that reports its result:

0: no known vulnerabilities were detected;
1: one or more known vulnerabilities were detected.

This makes the tool straightforward to use as a CI gate: a non-zero exit fails the job. Note that a dependency pip-audit cannot collect is skipped rather than counted as a finding unless -S/--strict is passed, so a 0 exit code without --strict does not by itself prove that every dependency was audited.

Usage examples
Audit the dependencies of the current Python environment:

$ pip-audit
No known vulnerabilities found

Audit the dependencies of a given requirements file:

$ pip-audit -r ./requirements.txt
No known vulnerabilities found

Audit a requirements file, excluding system packages:

$ pip-audit -r ./requirements.txt -l
No known vulnerabilities found

Audit dependencies when vulnerabilities are found:

$ pip-audit
Found 2 known vulnerabilities in 1 package
Name  Version ID             Fix Versions
----- ------- -------------- ------------
Flask 0.5     PYSEC-2019-179 1.0
Flask 0.5     PYSEC-2018-66  0.12.3

Audit dependencies, including a description of each vulnerability:

$ pip-audit --desc
Found 2 known vulnerabilities in 1 package
Name  Version ID             Fix Versions Description
----- ------- -------------- ------------ --------------------------------------------------------------------------------
Flask 0.5     PYSEC-2019-179 1.0          The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
Flask 0.5     PYSEC-2018-66  0.12.3       The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

Audit dependencies, emitting the results in JSON format:
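The following is an added example, not part of the original article and not code from the pip-audit project: a small CI gate that consumes `pip-audit -f json` output (the JSON format referred to above) and refines the exit-code convention described earlier. pip-audit itself exits 1 on any finding; the policy here fails the job only on findings that have a fixed release and are not on a reviewed allowlist, reports findings with no fix as warnings, and surfaces dependencies pip-audit skipped, which its exit code hides unless -S/--strict is used. The report layout assumed (a top-level `dependencies` list whose entries carry `name`/`version`/`vulns`, or `name`/`skip_reason` for a package that could not be audited) is the pip-audit 2.x JSON shape and should be checked against the installed version; the embedded sample report, the package `legacy-parser`, the ID `EXAMPLE-0001` and the allowlist policy are all constructed for the example.

```python
"""Gate a CI job on `pip-audit -f json` output.

Added example, not part of the original article or of pip-audit.
Usage:  pip-audit -f json | python audit_gate.py
With no piped input it runs against the constructed SAMPLE_REPORT below.
"""
import json
import sys

# Constructed sample of pip-audit JSON output (not captured from a real run).
# Layout assumed: the pip-audit 2.x shape, i.e. {"dependencies": [...], "fixes": [...]}
# where each dependency has name/version/vulns, or name/skip_reason when
# pip-audit could not audit it. Verify against your installed version.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"name": "flask", "version": "0.5", "vulns": [
            {"id": "PYSEC-2019-179", "fix_versions": ["1.0"],
             "description": "Flask before 1.0: unexpected memory usage (DoS)."},
            {"id": "PYSEC-2018-66", "fix_versions": ["0.12.3"],
             "description": "Flask before 0.12.3: improper input validation (DoS)."},
        ]},
        {"name": "requests", "version": "2.31.0", "vulns": []},
        # Constructed package and ID: a finding with no fixed release yet.
        {"name": "legacy-parser", "version": "0.9", "vulns": [
            {"id": "EXAMPLE-0001", "fix_versions": [],
             "description": "Constructed finding with no fixed release."},
        ]},
        # A dependency pip-audit could not resolve; silent in its exit code
        # unless -S/--strict is used.
        {"name": "internal-tool",
         "skip_reason": "Dependency not found on PyPI and could not be audited"},
    ],
    "fixes": [],
})


def parse_report(raw):
    """Flatten a pip-audit JSON report into (findings, skipped).

    findings: one dict per (package, vulnerability) pair.
    skipped:  (package, reason) pairs for dependencies that were not audited.
    """
    report = json.loads(raw)
    # pip-audit 1.x emitted a bare list; 2.x wraps it in {"dependencies": ...}.
    deps = report["dependencies"] if isinstance(report, dict) else report
    findings, skipped = [], []
    for dep in deps:
        if "skip_reason" in dep:
            skipped.append((dep["name"], dep["skip_reason"]))
            continue
        for vuln in dep.get("vulns", []):
            findings.append({
                "name": dep["name"],
                "version": dep["version"],
                "id": vuln["id"],
                "fix_versions": list(vuln.get("fix_versions", [])),
            })
    return findings, skipped


def gate(findings, skipped, allowlist=frozenset(), fail_on_skipped=False):
    """Apply the example policy; returns (exit_code, blocking, unfixable).

    blocking:  findings not on the allowlist that have a fixed release -> fail.
    unfixable: findings not on the allowlist with no fix available -> warn only.
    Skipped dependencies fail the gate only when fail_on_skipped is set.
    """
    blocking, unfixable = [], []
    for f in findings:
        if f["id"] in allowlist:
            continue
        (blocking if f["fix_versions"] else unfixable).append(f)
    failed = bool(blocking) or (fail_on_skipped and bool(skipped))
    return (1 if failed else 0), blocking, unfixable


def describe(f):
    """One-line summary of a finding, e.g. 'flask 0.5: PYSEC-2019-179 (fix: 1.0)'."""
    fix = ", ".join(f["fix_versions"]) or "no fix available"
    return f"{f['name']} {f['version']}: {f['id']} (fix: {fix})"


if __name__ == "__main__":
    raw = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    findings, skipped = parse_report(raw)
    # In a real pipeline the allowlist is read from a reviewed file; empty here.
    code, blocking, unfixable = gate(findings, skipped, allowlist=frozenset())
    for f in blocking:
        print("FAIL", describe(f))
    for f in unfixable:
        print("WARN", describe(f))
    for name, reason in skipped:
        print("SKIP", name, "-", reason)
    sys.exit(code)
```

Run it as `pip-audit -f json | python audit_gate.py`; the script's exit status then replaces pip-audit's own, so the job fails only on actionable findings while unfixable and skipped entries still appear in the log for follow-up. Keep the allowlist in a reviewed file with the reason and expiry for each ID rather than hard-coding it, so suppressions stay auditable.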
