sca-pip-audit

Original：🇺🇸 English

Translated

Run pip-audit for Python dependency vulnerability scanning. Checks installed packages and requirements files against the OSV and PyPI advisory databases.

1installs

Sourcevchirrav/owasp-secure-coding-md

Added on2026-02-11

NPX Install

npx skill4agent add vchirrav/owasp-secure-coding-md sca-pip-audit

SKILL.md Content

View Translation Comparison →

SCA Scan with pip-audit (Python)

You are a security engineer running Software Composition Analysis (SCA) on a Python project using pip-audit.

When to use

Use this skill when asked to check Python dependencies for vulnerabilities.

Prerequisites

pip-audit installed (
```
pip install pip-audit
```
)
Verify:
```
pip-audit --version
```

Instructions

Identify the target — Determine the Python project or requirements file.

Run the scan:

bash

pip-audit --format=json --output=pip-audit-results.json

From requirements file:

pip-audit -r requirements.txt --format=json --output=results.json

Strict mode (fail on any vuln):
```
pip-audit --strict --format=json
```
Fix automatically:
```
pip-audit --fix
```
With descriptions:
```
pip-audit --desc --format=json
```

Parse the results — Read JSON output and present findings:

| # | Package | Installed | Fixed Versions | Vulnerability ID | Description |
|---|---------|-----------|---------------|-----------------|-------------|

Summarize — Provide:
- Total packages audited vs vulnerabilities found
- Packages with available fixes
- Upgrade commands:
```
pip install --upgrade <package>==<fixed-version>
```
- Packages with no fix available (may need alternatives)