En

pip-audit Scan

Import pip-audit JSON scan report.

File Types

This parser expects a JSON file.

The parser can handle legacy and current JSON format.

The current format has added a dependencies element:

{
  "dependencies": [
    {
      "name": "pyopenssl",
      "version": "23.1.0",
      "vulns": []
    },
...
  ]
...
}

The legacy format does not include the dependencies key:

[
    {
        "name": "adal",
        "version": "1.2.2",
        "vulns": []
    },
...
]

Sample Scan Data

Sample pip-audit Scan scans can be found here.

pip-audit

Default Deduplication Hashcode Fields

By default, DefectDojo identifies duplicate Findings using these hashcode fields:

  • vuln id from tool
  • component name
  • component version
Prev
PHP Symfony Security Checker
Next
PMD Scan