Workspace: tessl
Visibility: Public
Describes: pkg:pypi/safety@3.6.x (pypi)
tile.json

tessl/pypi-safety

tessl install tessl/pypi-safety@3.6.0

Scan dependencies for known vulnerabilities and licenses.

Agent Success: 61% (agent success rate when using this tile)

Improvement: 1.39x (agent success rate improvement when using this tile compared to baseline)

Baseline: 44% (agent success rate without this tile)

evals/scenario-4/task.md

Security Scanner Integration Tool

Build a Python command-line tool that integrates with a dependency vulnerability scanner to generate comprehensive security reports that include announcements, warnings, and scan results.

Overview

Your tool should scan Python dependencies for vulnerabilities and capture all security announcements, notifications, and warnings that the scanner provides. The output should be parsed and formatted into a structured report that security teams can review.

Requirements

Core Functionality

The tool must perform the following:

  1. Execute Vulnerability Scan: Run a dependency vulnerability scan on a given requirements file or project directory.

  2. Capture Announcements: Extract any security announcements or platform notifications returned by the scanner.

  3. Capture Local Warnings: Identify and collect local warnings such as:

    • Unpinned requirements warnings
    • Invalid version format warnings
    • Other scan-related warnings

  4. Generate Report: Create a structured JSON report containing:

    • Total number of announcements received
    • List of announcement messages with their types
    • Total number of local warnings
    • List of warning messages with their categories
    • Scan status (success/failure)
    • Timestamp of the scan

Implementation Details

  • Your tool should accept a command-line argument for the target path to scan
  • Use JSON output format for machine-readable results
  • Handle cases where no announcements or warnings are present
  • Properly categorize different types of notifications (announcements vs. warnings)

Output Format

The tool should output a JSON structure like:

{
  "scan_timestamp": "2025-12-31T17:45:00Z",
  "scan_status": "completed",
  "announcements": {
    "count": 2,
    "items": [
      {
        "type": "security",
        "message": "New vulnerability database available"
      }
    ]
  },
  "warnings": {
    "count": 3,
    "items": [
      {
        "category": "unpinned_requirements",
        "message": "Package 'requests' is not pinned to a specific version"
      }
    ]
  }
}

Test Cases

  • Given a requirements file with pinned versions, the tool runs a scan and reports zero unpinned warnings @test
  • Given a requirements file with unpinned versions (e.g., "requests" without version), the tool detects and reports unpinned requirement warnings @test
  • Given a valid project directory, the tool successfully captures any security announcements from the platform @test
  • Given scan output with both announcements and warnings, the tool correctly categorizes and counts each type @test

Implementation

@generates

API

def run_scan(target_path: str) -> dict:
    """
    Execute a vulnerability scan and capture all announcements and warnings.

    Args:
        target_path: Path to requirements file or project directory to scan

    Returns:
        dict: Structured report containing scan results, announcements, and warnings

    Raises:
        ValueError: If target_path does not exist
        RuntimeError: If scan execution fails
    """
    pass

def parse_scan_output(scan_output: str) -> dict:
    """
    Parse scanner output to extract announcements and warnings.

    Args:
        scan_output: Raw output from the vulnerability scanner

    Returns:
        dict: Parsed announcements and warnings with counts and categorization
    """
    pass

def generate_report(scan_data: dict) -> str:
    """
    Generate a formatted JSON report from scan data.

    Args:
        scan_data: Dictionary containing scan results, announcements, and warnings

    Returns:
        str: JSON-formatted report string
    """
    pass
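One way the parse and report steps above could be implemented, as an added example that is not part of the tile or the task spec: the scanner output is a constructed, line-oriented sample and its `ANNOUNCEMENT`/`WARNING` prefixes are an assumption (the real scanner's text format is not described on this page); the warning categories and report shape follow the spec, and empty output yields zero-count sections.

```python
import json
import re
from datetime import datetime, timezone

# Constructed scanner output for this example. The line prefixes are an
# assumption; the real scanner's text format is not described in the spec.
SAMPLE_OUTPUT = """\
ANNOUNCEMENT security: New vulnerability database available
ANNOUNCEMENT info: Scheduled maintenance on Sunday
WARNING: Package 'requests' is not pinned to a specific version
WARNING: Invalid version format for 'flask==1.x.y'
WARNING: Scan took longer than expected
"""

ANNOUNCEMENT_RE = re.compile(r"^ANNOUNCEMENT\s+(\w+):\s*(.+)$")
WARNING_RE = re.compile(r"^WARNING:\s*(.+)$")
# Spec categories for local warnings; anything unmatched becomes "other".
WARNING_CATEGORIES = (
    ("unpinned_requirements", re.compile(r"not pinned", re.I)),
    ("invalid_version_format", re.compile(r"invalid version", re.I)),
)

def categorize_warning(message: str) -> str:
    return next((c for c, p in WARNING_CATEGORIES if p.search(message)), "other")

def parse_scan_output(scan_output: str) -> dict:
    """Split announcements from warnings; empty output yields zero counts."""
    announcements, warnings = [], []
    for line in scan_output.splitlines():
        if m := ANNOUNCEMENT_RE.match(line.strip()):
            announcements.append({"type": m.group(1), "message": m.group(2)})
        elif m := WARNING_RE.match(line.strip()):
            warnings.append({"category": categorize_warning(m.group(1)),
                             "message": m.group(1)})
    return {
        "announcements": {"count": len(announcements), "items": announcements},
        "warnings": {"count": len(warnings), "items": warnings},
    }

def generate_report(scan_data: dict, status: str = "completed") -> str:
    """Wrap parsed data in the spec's report shape with a UTC timestamp."""
    report = {
        "scan_timestamp": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "scan_status": status,
        **scan_data,
    }
    return json.dumps(report, indent=2)

if __name__ == "__main__":
    print(generate_report(parse_scan_output(SAMPLE_OUTPUT)))
```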

Dependencies { .dependencies }

safety { .dependency }

Provides dependency vulnerability scanning with announcements and notification capabilities.

@satisfied-by