Does pip-audit just search requirements.txt for known CVEs?
When looking for a way to shrink the attack surface for PyPI package typosquatting, I came across a package called pip-audit in an article on the Red Hat blog.
I attempted to use it, but I’m quite confused about how to use it when in diffe…