
tessl/pypi-safety

Scan dependencies for known vulnerabilities and licenses.

Overall score: 61%

evals/scenario-6/task.md

Vulnerability Alert System

A Python script that scans project dependencies for security vulnerabilities and creates GitHub pull requests to remediate them automatically.

Capabilities

Scan and Create Pull Requests

  • When scanning a requirements file with vulnerable packages, creates a GitHub pull request with updated package versions. @test
  • When multiple vulnerabilities exist in the same package, creates a single pull request for that package. @test

Filter Alerts by Severity

  • When a minimum severity threshold is configured, only creates pull requests for vulnerabilities at or above that threshold. @test

Implementation

@generates

API

def scan_and_create_prs(
    requirements_file: str,
    github_token: str,
    repo_owner: str,
    repo_name: str,
    min_cvss_severity: float = 0.0
) -> dict:
    """
    Scans a requirements file and creates GitHub PRs for vulnerabilities.

    Args:
        requirements_file: Path to the requirements.txt file
        github_token: GitHub personal access token with repo access
        repo_owner: GitHub repository owner username
        repo_name: Repository name
        min_cvss_severity: Minimum CVSS score (0.0-10.0) to create PR

    Returns:
        dict with 'prs_created' (int) and 'vulnerabilities_scanned' (int)
    """
    pass
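The two capability sections above (one PR per package, and a CVSS threshold) as an added, offline example; this is not the tile's or the safety package's own code. The advisory list and requirements text are constructed, version ranges are assumed to be of the form `<fixed`, and PRs are planned rather than opened, so no GitHub token is involved.

```python
import re
from collections import defaultdict

# Constructed sample advisories for illustration only; names, ranges and
# CVSS scores are made up and are not entries from the Safety database.
SAMPLE_ADVISORIES = [
    {"package": "requests", "affected": "<2.31.0", "fixed": "2.31.0", "cvss": 6.1},
    {"package": "requests", "affected": "<2.32.0", "fixed": "2.32.0", "cvss": 7.5},
    {"package": "pyyaml", "affected": "<6.0", "fixed": "6.0", "cvss": 9.8},
    {"package": "flask", "affected": "<2.2.5", "fixed": "2.2.5", "cvss": 3.1},
]
# Constructed requirements file content (numpy has no advisory above).
SAMPLE_REQUIREMENTS = "requests==2.28.0\npyyaml==5.4.1\nflask==2.0.0\nnumpy==1.24.0  # fine\n"

# Only exact '==' pins are considered; ranges and VCS lines are skipped.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)\s*$")


def parse_requirements(text: str) -> dict:
    """Return {package_name_lowercase: pinned_version} from requirements text."""
    pins = {}
    for line in text.splitlines():
        match = PIN_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if match:
            pins[match.group(1).lower()] = match.group(2)
    return pins


def version_key(version: str) -> tuple:
    """Numeric tuple for comparison; only dotted-integer versions are assumed."""
    return tuple(int(part) for part in version.split("."))


def plan_prs(requirements_text: str, advisories: list,
             min_cvss_severity: float = 0.0) -> dict:
    """Filter by CVSS, then plan one PR per package (PRs are not opened;
    'vulnerabilities_scanned' counts advisories matching a pin: an assumption)."""
    pins = parse_requirements(requirements_text)
    scanned = 0
    per_package = defaultdict(list)
    for adv in advisories:
        pinned = pins.get(adv["package"].lower())
        # Advisory ranges in this example are always of the form '<fixed'.
        if pinned is None or version_key(pinned) >= version_key(adv["affected"][1:]):
            continue
        scanned += 1
        if adv["cvss"] >= min_cvss_severity:
            per_package[adv["package"]].append(adv)
    # Bump each package to the highest fixed version so a single PR
    # remediates every grouped advisory for that package.
    prs = {pkg: max((a["fixed"] for a in advs), key=version_key)
           for pkg, advs in per_package.items()}
    return {"prs_created": len(prs), "vulnerabilities_scanned": scanned, "prs": prs}
```

With the sample data, `plan_prs(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES)` plans three PRs for four matching advisories, and raising `min_cvss_severity` to 7.0 drops the flask PR while the requests PR still targets 2.32.0.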

Dependencies { .dependencies }

safety { .dependency }

Provides vulnerability scanning and GitHub integration for Python dependencies.

Install with Tessl CLI

npx tessl i tessl/pypi-safety
