Pip-Audit: Audits Python Environments and Dependency Trees for Known Vulnerabilities

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database (https://github.com/pypa/advisory-database) via the PyPI JSON API as a source of vulnerability reports.

This project is developed by Trail of Bits with support from Google. This is not an official Google product.

Features:

- Support for auditing local environments and requirements-style files …
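The lookup described above, reduced to its core as an added example (this is not pip-audit's own code): exact pins from a requirements-style file are checked against the `vulnerabilities` list that the PyPI JSON API returns for a release. The package names, advisory ids and the helper names `parse_pins`, `audit` and `offline_fetch` are constructed for illustration, and skipping withdrawn advisories is this example's choice.

```python
import json
import re

# Constructed sample in the shape of a PyPI JSON API release response
# (https://pypi.org/pypi/<name>/<version>/json); all ids are placeholders.
SAMPLE_RESPONSES = {
    ("examplepkg", "1.0.0"): json.dumps({
        "vulnerabilities": [
            {"id": "PYSEC-0000-0001", "aliases": ["CVE-0000-00001"],
             "summary": "constructed advisory", "fixed_in": ["1.0.2", "1.1.0"],
             "withdrawn": None},
            {"id": "PYSEC-0000-0002", "aliases": [],
             "summary": "constructed, later withdrawn", "fixed_in": ["1.0.1"],
             "withdrawn": "2000-01-01T00:00:00Z"},
        ],
    }),
    ("otherpkg", "2.3.1"): json.dumps(
        {"vulnerabilities": []}),
}

# Only exact pins can be matched to a single release; anything else is skipped.
PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.!+_-]+)")

def parse_pins(text):
    """Yield (normalized_name, version) for each `name==version` line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = PIN.match(line)
        if m:
            yield re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)

def audit(requirements_text, fetch):
    """Return {(name, version): [(advisory_id, aliases, fixed_in), ...]}."""
    findings = {}
    for name, version in parse_pins(requirements_text):
        body = json.loads(fetch(name, version))
        # Ignore advisories that have since been withdrawn (example's choice).
        live = [v for v in body.get("vulnerabilities", []) if not v.get("withdrawn")]
        if live:
            findings[(name, version)] = [
                (v["id"], v.get("aliases", []), v.get("fixed_in", [])) for v in live]
    return findings

def offline_fetch(name, version):
    # Stand-in for an HTTP GET against the PyPI JSON API, so the example runs offline.
    return SAMPLE_RESPONSES[(name, version)]
```

Passing a `fetch` callable that performs the real HTTP request turns this into a live check; the `fixed_in` list is what tells you the nearest release to upgrade to.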