Python - Pip, Pipenv
See a breakdown of the file formats and features supported in Python.
Debricked currently supports tracking Python dependencies via:
Pip, using the older requirements.txt files
Pipenv, using the newer Pipfile.lock files
file fingerprinting, to find dependencies not defined in manifest-files
Pip
For the fastest and most accurate results, create a file containing the resolved dependency tree before scanning.
This is done with the High Performance Scans technology in the Debricked CLI. When you run the resolve command, the CLI detects every manifest file that lacks the recommended lock file and generates one for it. The first part of the generated file's name is taken from the file it was generated from:
Example: .requirements.txt.pip.debricked.lock
If at least one of the supported files is committed to your repository, it is scanned for dependencies automatically once you have set up any of our CI/CD integrations.
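The reason a resolved file gives more accurate results is that a loose requirements.txt often leaves the installed version open (ranges, bare names, compatible-release operators), whereas a lock file pins every package to exactly one version. The following pre-scan check is an added example, not Debricked code: it parses a constructed requirements.txt and a constructed Pipfile.lock and reports which requirements are not pinned, and which versions the lock settles. The sample manifests, the package names in them and the helper names are all assumptions for illustration.

```python
"""Pre-scan check for Python manifests.

Added example (not Debricked code): it parses a requirements.txt and a
Pipfile.lock from constructed sample text and reports which requirements
are pinned to exactly one version. A resolved lock file pins everything,
which is why the scanner prefers it over a loose requirements.txt.
"""
import json
import re

# Constructed sample requirements.txt (not a real project's manifest).
REQUIREMENTS_TXT = """\
# pip options and comments are ignored
-r base.txt
--index-url https://pypi.org/simple
requests==2.31.0          # exact pin: the scanner knows the version
urllib3>=1.26,<3          # range: the installed version is unknown
PyYAML
Flask ~= 3.0
importlib_metadata>=4; python_version < "3.10"
"""

# Constructed sample Pipfile.lock: every entry carries one exact version.
PIPFILE_LOCK = json.dumps({
    "_meta": {"pipfile-spec": 6, "hash": {"sha256": "0" * 64}},
    "default": {
        "requests": {"version": "==2.31.0", "hashes": ["sha256:placeholder"]},
        "urllib3": {"version": "==2.2.1", "hashes": ["sha256:placeholder"]},
        "pyyaml": {"version": "==6.0.1", "hashes": ["sha256:placeholder"]},
    },
    "develop": {
        "pytest": {"version": "==8.1.1", "hashes": ["sha256:placeholder"]},
    },
})

# name, optional [extras], then everything else (the version specifier)
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(.*)$")


def normalize(name):
    """PEP 503 name normalisation so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return {normalized name: specifier} for each requirement line.

    Comments, blank lines and pip options (-r, --index-url, -e ...) are
    skipped; environment markers after ';' are dropped.
    """
    reqs = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue
        line = line.split(";", 1)[0].strip()
        m = REQ_RE.match(line)
        if m:
            reqs[normalize(m.group(1))] = m.group(2).replace(" ", "")
    return reqs


def parse_pipfile_lock(text, include_develop=True):
    """Return {normalized name: specifier} from the default (and develop) sections."""
    data = json.loads(text)
    sections = ["default"] + (["develop"] if include_develop else [])
    return {
        normalize(name): entry.get("version", "")   # VCS entries may carry no version
        for section in sections
        for name, entry in data.get(section, {}).items()
    }


def is_pinned(spec):
    """True only for a single '==<version>' clause (no ranges, no '==1.*')."""
    return re.fullmatch(r"==[A-Za-z0-9.!+]+", spec) is not None


def unresolved(reqs):
    """Names whose specifier does not pin exactly one version."""
    return sorted(name for name, spec in reqs.items() if not is_pinned(spec))


def resolved_versions(reqs, lock):
    """For each manifest requirement, the exact version the lock resolved it to
    (None when the lock has no entry for it)."""
    return {name: lock[name].lstrip("=") if name in lock else None for name in reqs}


if __name__ == "__main__":
    reqs = parse_requirements(REQUIREMENTS_TXT)
    lock = parse_pipfile_lock(PIPFILE_LOCK)
    print("unresolved in requirements.txt:", unresolved(reqs))
    print("unresolved in Pipfile.lock:", unresolved(lock))
    print("versions the lock settles:", resolved_versions(reqs, lock))
```

Run it as a script to see the report for the constructed manifests. Any name listed as unresolved is one whose version a scanner can only guess from the manifest alone, which is exactly the gap the generated .debricked.lock file closes.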
File fingerprinting
Debricked can also find Python dependencies that are not declared in any manifest file, through file fingerprinting. Our database contains the hashes of the .whl files for every package on the Python Package Index (PyPI), as well as the hashes of their unpacked contents (including the individual .py files). Files in your application are compared against these hashes so that matches are as accurate as possible. For more information on file fingerprinting and how to set it up, see file fingerprinting.
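To make the mechanism concrete, here is file fingerprinting in miniature. This is an added example and not Debricked's implementation: it builds two releases of a constructed package as in-memory .whl archives, indexes the hash of each wheel and of every unpacked member, and then looks up the files of a constructed application tree. SHA-256, the package name examplepkg and all file contents are assumptions; the page does not say which hash function the real database uses. The example also shows two things a practitioner should expect: a locally patched vendored file hashes differently and gets no match, and a file that is identical across releases can only be attributed to the package, not to a single version.

```python
"""File fingerprinting, in miniature.

Added example (not Debricked's implementation): builds two versions of a
constructed package as in-memory .whl files, indexes the SHA-256 of each
wheel and of every unpacked member, then looks up files found in an
application tree. SHA-256 is an assumption; the page does not say which
hash Debricked's database uses.
"""
import hashlib
import io
import zipfile
from collections import defaultdict


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def build_wheel(files):
    """Return the bytes of a .whl (a zip archive) holding the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()


def index_wheel(index, name, version, wheel_bytes):
    """Record the wheel's own hash and the hash of each unpacked member.

    A hash maps to a set because identical files may ship in several
    releases of the same package (or in different packages)."""
    index[sha256(wheel_bytes)].add((name, version, "<wheel>"))
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                index[sha256(zf.read(info))].add((name, version, info.filename))
    return index


def match_files(index, app_files):
    """app_files: {path: bytes}. Return {path: set of (pkg, version, member)}
    for every file whose content hash is in the index; modified files
    (a locally patched vendored copy, say) hash differently and get no hit."""
    hits = {}
    for path, data in app_files.items():
        found = index.get(sha256(data))
        if found:
            hits[path] = found
    return hits


# Constructed package "examplepkg", two releases; util.py is unchanged between them.
RELEASES = {
    "1.0.0": {
        "examplepkg/__init__.py": b"__version__ = '1.0.0'\n",
        "examplepkg/core.py": b"def run():\n    return 1\n",
        "examplepkg/util.py": b"def helper():\n    return 'shared'\n",
        "examplepkg-1.0.0.dist-info/METADATA": b"Name: examplepkg\nVersion: 1.0.0\n",
    },
    "1.1.0": {
        "examplepkg/__init__.py": b"__version__ = '1.1.0'\n",
        "examplepkg/core.py": b"def run():\n    return 2\n",
        "examplepkg/util.py": b"def helper():\n    return 'shared'\n",
        "examplepkg-1.1.0.dist-info/METADATA": b"Name: examplepkg\nVersion: 1.1.0\n",
    },
}


def build_index():
    """Fingerprint database for the constructed releases (stands in for PyPI)."""
    index = defaultdict(set)
    for version, files in RELEASES.items():
        index_wheel(index, "examplepkg", version, build_wheel(files))
    return index


# Constructed application tree: a vendored copy of examplepkg 1.0.0 plus one local patch.
APP_FILES = {
    "vendor/examplepkg/__init__.py": b"__version__ = '1.0.0'\n",
    "vendor/examplepkg/core.py": b"def run():\n    return 1\n",
    "vendor/examplepkg/util.py": b"def helper():\n    return 'shared'\n",
    "vendor/examplepkg/patched.py": b"def run():\n    return 1  # local change\n",
    "app/main.py": b"import examplepkg\n",
}


def scan_app():
    """Match the constructed application tree against the constructed index."""
    return match_files(build_index(), APP_FILES)


if __name__ == "__main__":
    for path, found in sorted(scan_app().items()):
        print(path, "->", sorted(found))
```

The scan attributes core.py and __init__.py to examplepkg 1.0.0 unambiguously, attributes util.py to both 1.0.0 and 1.1.0, and reports nothing for patched.py or the application's own code. A real matcher combines the per-file evidence to settle on one version; a single shared file on its own cannot.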
Supported file formats and features

Package manager | File | Supported
Pip | requirements.txt | Yes
Pipenv | Pipfile |
Pipenv | Pipfile.lock | Yes
- | fingerprinted files (.py, .txt, .sh, .c, .egg, .h and more**) | -