pip-audit
Description:
Audits Python environments and dependency trees for known vulnerabilities
Type: Formula  |  Latest Version: 2.10.0@1  |  Tracked Since: Dec 18, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security python dependencies vulnerability auditing
Install: brew install pip-audit
About:
pip-audit is a command-line tool that scans Python project dependencies for known security vulnerabilities using the OSV and PyPI Advisory databases. It integrates with pip and pip-tools workflows to block insecure packages during installation. The tool helps developers quickly identify and remediate risks in their dependency trees.
Key Features:
  • Scans dependencies against vulnerability databases (OSV, PyPI Advisory)
  • Supports requirements.txt, pyproject.toml, and pip-tools lock files
  • Provides CI/CD integration for automated security checks
  • Offers JSON output for programmatic processing
Use Cases:
  • Preventing vulnerable dependencies from being installed in CI pipelines
  • Auditing existing Python environments for known CVEs
Alternatives:
  • safety – Safety uses a proprietary vulnerability database and requires an API key for full features, while pip-audit is open-source and uses public databases
  • trivy – Trivy is a broader container and filesystem scanner, whereas pip-audit is specialized for Python dependency auditing
Version History
Detected  |  Version  |  Rev  |  Change  |  Commit
Dec 18, 2025 7:12pm  |  2.10.0  |  1  |  VERSION_BUMP  |  d313e00a
Oct 28, 2025 2:07am  |    |  2  |  VERSION_BUMP  |  86070a47
Oct 9, 2024 8:22pm  |    |  2  |  VERSION_BUMP  |  87e3f2df
Sep 13, 2024 6:16am  |    |  2  |  VERSION_BUMP  |  facfeb2c