Check for security vulnerabilities

[Euphorbium]

• I have searched the issues of this repo and believe that this is not a duplicate.
• I have searched the documentation and believe that my question is not covered.

Feature Request

pipenv check scans for known security vulnerabilities in the dependancies. Poetry check does not seem to do that. Poetry should have a way to check for known security vulnerabilities.

[floer32]

It’s a great idea for you to check for security vulnerabilities!

It’s out of scope though.

It’s not great for Poetry to assume what tool you want to use or your threshold for “OK.” There’s an argument to be made that building that in like that, without the user thinking about it, can provide a false sense of security since it is only one kind of check.

[floer32]

@Euphorbium you may be interested to join the discussion of ways to streamline dev tasks with Poetry; security linting for dependencies would be an example of a great task to have examples for.

#241

[Euphorbium]

https://github.com/pyupio/safety completely solves my needs. No need to do this in poetry.

[MisterGlass]

If anyone is looking to do this, you can use this bash one liner to run a check:
poetry export --without-hashes -f requirements.txt | safety check --full-report --stdin

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.