Hello all, I would like to share Panoptisch, a FOSS (Free and Open Source Software) tool I've been working on.

We all may have encountered the issue of not having a clear dependency tree, or not being sure of the modules our dependencies and sub-dependencies are using. Some of us may have also heard of supply chain attacks, where open source projects are hijacked to distribute malicious code masquerading as the original package. This can happen deep down in the dependency chain.

Panoptisch was born out of the need to accurately verify the modules used in my project. It recursively scans a Python module or file to find the modules used and exports a report in JSON which can be parsed for analysis.

For example, should your YAML parser, or its sub-dependencies, import socket/os? Should your markdown renderer, or its sub-dependencies, import sys/importlib? *Probably not.*

Panoptisch is in its early stages, has known limitations and is looking for help! I would love feedback, contributions, and most important of all, rigorous testing! I would also love to help you integrate this tool in your workflow to write more secure software.

Link: https://github.com/R9295/panoptisch
Short Demo: https://www.youtube.com/watch?v=bDJWl_odXx0

Thanks and Regards,
aarnav

--
https://mail.python.org/mailman/listinfo/python-list
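The kind of check the post describes, as an added example that is not Panoptisch's own code: a small static scanner that follows imports through a constructed two-file module tree and reports which import chains reach modules on a watchlist. The watchlist, the sample module names and the flat (top-level modules only) layout are assumptions made for this example.

```python
import ast
import json
import os
import tempfile

# Modules a pure-text library (a markdown renderer, a YAML parser) has little
# reason to touch. This watchlist is an assumption chosen for the example.
WATCHLIST = {"socket", "os", "sys", "importlib", "subprocess"}


def imports_in(path):
    # Static view of one file: top-level names from `import x` / `from x import y`.
    # Relative imports (level > 0) are skipped in this simplified scanner.
    with open(path, encoding="utf-8") as fh:
        tree = ast.parse(fh.read(), filename=path)
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names.add(node.module.split(".")[0])
    return names


def scan(root, module):
    # Recursively map every module reachable from `module` to what it imports.
    # Only modules that resolve to a file under `root` are followed; anything
    # else (stdlib, site-packages) is recorded as a leaf with no imports.
    report, todo = {}, [module]
    while todo:
        name = todo.pop()
        if name in report:
            continue
        candidates = [os.path.join(root, name + ".py"),
                      os.path.join(root, name, "__init__.py")]
        path = next((p for p in candidates if os.path.isfile(p)), None)
        report[name] = sorted(imports_in(path)) if path else []
        todo.extend(report[name])
    return report


def flagged_chains(report, start):
    # Depth-first walk over the report; each hit is the full chain that
    # explains why a watchlisted module is pulled in (no cycles followed).
    hits, stack = [], [[start]]
    while stack:
        chain = stack.pop()
        for dep in report.get(chain[-1], []):
            if dep in WATCHLIST:
                hits.append(chain + [dep])
            elif dep not in chain:
                stack.append(chain + [dep])
    return sorted(hits)


def demo():
    # Constructed sample tree: mdrender -> mdhelpers -> os, socket.
    root = tempfile.mkdtemp()
    files = {"mdrender.py": "import textwrap\nimport mdhelpers\n",
             "mdhelpers.py": "import os\nfrom socket import create_connection\n"}
    for name, src in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(src)
    report = scan(root, "mdrender")
    return report, flagged_chains(report, "mdrender"), json.dumps(report, sort_keys=True)
```

Running `demo()` reports two chains, `mdrender -> mdhelpers -> os` and `mdrender -> mdhelpers -> socket`, which is exactly the "should my markdown renderer's sub-dependency import socket?" question from the post.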