add github issue template for dependency lockfile auditor

This commit is contained in:
rarebuffalo
2026-06-12 19:37:00 +05:30
parent cf5c7d9b17
commit 67004b6584


@@ -0,0 +1,21 @@
---
name: 'Feature: Dependency Lockfile Auditor'
about: Template for scanning package files against the OSV database.
title: 'Feature: Dependency Lockfile Auditor (securelens audit)'
labels: ['help wanted', 'enhancement', 'good first issue']
assignees: ''
---
## Description
We want to expand the CLI tool's capabilities to scan project dependencies for known vulnerabilities.
## Goal
Add a new CLI command `securelens audit <path>` that scans package descriptors (such as `requirements.txt` or `package.json`) and runs checks against the Open Source Vulnerability (OSV.dev) database API.
## Requirements
1. Parse common package files to extract dependency names and versions.
2. Submit query requests to the OSV API (`https://api.osv.dev/v1/query`).
3. Format the results in a clear CLI table using `rich` showing packages, affected versions, and severity.
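Review bot: the requirements leave version resolution unspecified, which is the hard part of this feature. `requirements.txt` and `package.json` (named in the Goal and in requirement 1) usually carry version ranges or unpinned names rather than the exact installed versions a lockfile records, so an OSV query per parsed entry is only accurate for pinned entries. Since the title calls this a "Lockfile Auditor", suggest either listing the lockfile formats the command should read in requirement 1, or adding a requirement that says how unpinned or ranged specifiers are handled (skipped with a warning, or resolved before querying). Two smaller points: requirement 3 asks for severity in the table but nothing states the command's exit status when vulnerabilities are found, which anyone wiring `securelens audit` into CI will need; and the markdown body has no blank lines between `## Description`, `## Goal` and `## Requirements`, which renders but is hard to read in the raw template.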