tessl/pypi-pip-audit
A tool for scanning Python environments for known vulnerabilities
—
Pending
output-formats.mddocs/
Output Formats
Different ways to format and display audit results, from human-readable columnar output to machine-parseable JSON and CycloneDX SBOM formats.
Imports
import enum
from abc import ABC, abstractmethod
from pip_audit._service import Dependency, VulnerabilityResult
from pip_audit._fix import FixVersionCapabilities
Base Interface
Abstract base class for all output formats.
class VulnerabilityFormat(ABC):
"""
Represents an abstract string representation for vulnerability results.
"""
@property
@abstractmethod
def is_manifest(self) -> bool:
"""
Is this format a "manifest" format, i.e. one that prints a summary
of all results?
Manifest formats are always rendered emitted unconditionally, even
if the audit results contain nothing out of the ordinary
(no vulnerabilities, skips, or fixes).
"""
@abstractmethod
def format(
self,
result: dict[Dependency, list[VulnerabilityResult]],
fixes: list[FixVersion],
) -> str:
"""
Convert a mapping of dependencies to vulnerabilities into a string.
Parameters:
- result: dict mapping Dependency objects to lists of VulnerabilityResult
- fixes: list of FixVersion objects for resolved fixes
Returns:
Formatted string representation of the results
"""Columns Format
Human-readable columnar text output format.
class ColumnsFormat(VulnerabilityFormat):
"""
A columnar format for vulnerability reports.
Displays results in a table format with columns for package name, version,
vulnerability ID, and description.
"""
def __init__(self, output_desc: bool, output_aliases: bool):
"""
Create a new ColumnsFormat.
Parameters:
- output_desc: bool, flag to determine whether descriptions for each vulnerability should be included
- output_aliases: bool, flag to determine whether aliases (such as CVEs) should be included
"""JSON Format
Machine-readable JSON output format.
class JsonFormat(VulnerabilityFormat):
"""
A JSON format for vulnerability reports.
Outputs structured JSON data suitable for programmatic consumption.
"""
def __init__(self, output_desc: bool, output_aliases: bool):
"""
Create a new JsonFormat.
Parameters:
- output_desc: bool, flag to determine whether descriptions for each vulnerability should be included
- output_aliases: bool, flag to determine whether aliases (such as CVEs) should be included
"""Markdown Format
Markdown table output format.
class MarkdownFormat(VulnerabilityFormat):
"""
A Markdown format for vulnerability reports.
Outputs results as Markdown tables suitable for documentation.
"""
def __init__(self, output_desc: bool, output_aliases: bool) -> None:
"""
Create a new MarkdownFormat.
Parameters:
- output_desc: bool, flag to determine whether descriptions for each vulnerability should be included
- output_aliases: bool, flag to determine whether aliases (such as CVEs) should be included
"""CycloneDX Format
Software Bill of Materials (SBOM) format using CycloneDX standard.
class CycloneDxFormat(VulnerabilityFormat):
"""
A CycloneDX format for vulnerability reports.
Generates Software Bill of Materials (SBOM) in CycloneDX format,
including vulnerability information.
"""
@enum.unique
class InnerFormat(enum.Enum):
"""
Valid container formats for CycloneDX.
"""
Json = "JSON"
Xml = "XML"
def __init__(self, inner_format: InnerFormat):
"""
Create a new CycloneDxFormat.
Parameters:
- inner_format: InnerFormat, determines the container format used by CycloneDX
"""Usage Examples
Columnar Output
from pip_audit._format import ColumnsFormat
from pip_audit._audit import Auditor
from pip_audit._dependency_source import PipSource
from pip_audit._service import PyPIService
# Create audit components
service = PyPIService()
source = PipSource()
auditor = Auditor(service=service)
# Format results as columns
formatter = ColumnsFormat()
audit_results = auditor.audit(source)
output = formatter.format(audit_results)
print(output)JSON Output
from pip_audit._format import JsonFormat
from pip_audit._audit import Auditor
from pip_audit._dependency_source import RequirementSource
from pip_audit._service import OsvService
import json
# Create audit components
service = OsvService()
source = RequirementSource("requirements.txt")
auditor = Auditor(service=service)
# Format results as JSON
formatter = JsonFormat()
audit_results = auditor.audit(source)
json_output = formatter.format(audit_results)
# Parse and pretty print
data = json.loads(json_output)
print(json.dumps(data, indent=2))CycloneDX SBOM
from pip_audit._format import CycloneDxFormat
from pip_audit._audit import Auditor
from pip_audit._dependency_source import PyProjectSource
from pip_audit._service import PyPIService
# Create audit components
service = PyPIService()
source = PyProjectSource("pyproject.toml")
auditor = Auditor(service=service)
# Generate SBOM
formatter = CycloneDxFormat(spec_version="1.4", output_format="json")
audit_results = auditor.audit(source)
sbom = formatter.format(audit_results)
# Save to file
with open("sbom.json", "w") as f:
f.write(sbom)Custom Output File
from pip_audit._format import MarkdownFormat
from pip_audit._audit import Auditor
from pip_audit._dependency_source import PipSource
from pip_audit._service import PyPIService
# Create audit components
service = PyPIService()
source = PipSource()
auditor = Auditor(service=service)
# Write markdown output to file
with open("audit_report.md", "w") as f:
formatter = MarkdownFormat(output_file=f, skip_empty=True)
audit_results = auditor.audit(source)
formatter.format(audit_results)
print("Audit report written to audit_report.md")Install with Tessl CLI
npx tessl i tessl/pypi-pip-audit