
and Pipfile - which is what I've switched to in recent projects, example[0]

Although you can write to one of the other formats or read from it, you'd have to tell the scanner what the true build source is.

[0] https://github.com/kennethreitz/pipenv/blob/master/Pipfile



I mentioned this elsewhere here, but check out `pipenv check`[0] and just run it in CI or as a precommit hook.

[0] https://docs.pipenv.org/advanced.html#detection-of-security-...



