Simple Vulnerability Scanner
CarterPerez-dev edited this page Feb 11, 2026
Go-based Python dependency security scanner that checks for outdated packages and known CVEs.
angela is a CLI tool that scans Python projects for outdated dependencies and known security vulnerabilities. It reads pyproject.toml or requirements.txt, checks PyPI for latest versions, queries OSV.dev for CVEs, and updates dependency files while preserving comments and formatting.
Status: Complete | Difficulty: Beginner
| Technology | Version | Purpose |
|---|---|---|
| Go | 1.24+ | Core language |
| Cobra | - | CLI framework |
| pelletier/go-toml | - | TOML parsing |
| PyPI Simple API | PEP 691 | Package metadata |
| OSV.dev API | - | Vulnerability database |
- Scan pyproject.toml and requirements.txt for outdated dependencies
- Query OSV.dev for known CVEs with severity levels (CRITICAL, HIGH, MODERATE, LOW)
- Update dependency versions in-place, preserving comments and formatting
- Dry-run mode to preview changes before applying
- File-based caching with ETag support and TTL expiration
- Concurrent workers with bounded concurrency via errgroup
| Command | Description |
|---|---|
| scan | Check for outdated packages and vulnerabilities |
| check | Dry run: show what would change |
| update | Update dependency versions in-place |
| update --vulns | Update and scan for vulnerabilities |
| cache clear | Clear the local cache |
- Supply chain attacks (PyTorch torchtriton compromise, 2022)
- Dependency confusion and typosquatting
- CVE tracking across transitive dependencies
- PEP 440 version parsing for accurate resolution
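The last point deserves a worked illustration: if versions are compared as strings, "1.10.0" sorts before "1.9.0", so a scanner would report a stale, possibly vulnerable pin as current. The following Go code is an added example and not the project's own version.go; it assumes versions are already in normalised PEP 440 form (no epoch, local label ignored) and shows how a sortable key reproduces the spec's ordering of dev, pre, final and post releases.

```go
package main
import (
	"errors"
	"regexp"
	"slices"
	"strconv"
	"strings"
)
const neg, inf = -1, 1 << 30 // sentinels that sort below / above any real segment number
// Normalised PEP 440 only: N(.N)*[{a|b|rc}N][.postN][.devN][+local]; no epoch, local label ignored.
var pep440 = regexp.MustCompile(`^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?(?:\.post(\d+))?(?:\.dev(\d+))?(?:\+[a-z0-9.]+)?$`)
// Key maps a version to ints whose lexicographic order is PEP 440 order: release segments with trailing
// zeros dropped ("1.0" == "1.0.0") plus a neg terminator, then [preKind, preNum, post, dev] chosen so
// that X.devN < X.aN < X.bN < X.rcN < X < X.postN.
func Key(v string) ([]int, error) {
	m := pep440.FindStringSubmatch(strings.TrimSpace(v))
	if m == nil {
		return nil, errors.New("not a normalised PEP 440 version: " + v)
	}
	num := func(s string) int { n, _ := strconv.Atoi(s); return n }
	var key []int
	for _, s := range strings.Split(m[1], ".") {
		key = append(key, num(s))
	}
	for len(key) > 1 && key[len(key)-1] == 0 {
		key = key[:len(key)-1]
	}
	pre, preNum, post, dev := inf, 0, neg, inf // defaults describe a plain final release
	switch {
	case m[2] != "": // pre-release: a < b < rc, all before the final release
		pre, preNum = map[string]int{"a": 0, "b": 1, "rc": 2}[m[2]], num(m[3])
	case m[4] == "" && m[5] != "": // a bare .devN sorts before every pre-release
		pre = neg
	}
	if m[4] != "" { // .postN sorts after the final release
		post = num(m[4])
	}
	if m[5] != "" { // .devN sorts before the otherwise identical version
		dev = num(m[5])
	}
	return append(key, neg, pre, preNum, post, dev), nil
}
// Compare returns -1, 0 or 1 in PEP 440 order; a string comparison would rank "1.9.0" above "1.10.0".
func Compare(a, b string) (int, error) {
	ka, errA := Key(a)
	kb, errB := Key(b)
	if errA != nil || errB != nil {
		return 0, errors.Join(errA, errB)
	}
	return slices.Compare(ka, kb), nil
}
```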
```text
cmd/angela/main.go (Entry point)
        │
internal/cli/ (Cobra commands + output formatting)
        │
┌──────────────┬──────────────┬──────────────┐
│ pypi/        │ osv/         │ pyproject/   │
│ PyPI Simple  │ OSV.dev      │ TOML parser  │
│ API client   │ batch CVE    │ + writer     │
│ + cache      │ queries      │ (preserves   │
│ (ETag/TTL)   │              │ comments)    │
├──────────────┼──────────────┼──────────────┤
│ version.go   │ client.go    │ parser.go    │
│ PEP 440      │              │ writer.go    │
│ parser       │              │              │
└──────────────┴──────────────┴──────────────┘
        │
internal/ui/ (Terminal colors and spinners)
```
```bash
cd PROJECTS/beginner/simple-vulnerability-scanner

# Install Go dependencies
go mod download

# Scan test data
go run ./cmd/angela scan --file testdata/pyproject.toml

# Check what would change (dry run)
go run ./cmd/angela check --file testdata/pyproject.toml

# Update dependencies
go run ./cmd/angela update --file testdata/pyproject.toml

# Update and scan for vulnerabilities
go run ./cmd/angela update --vulns --file testdata/pyproject.toml
```

```text
simple-vulnerability-scanner/
├── cmd/angela/
│   └── main.go            # Entry point
├── internal/
│   ├── cli/               # Cobra commands and output
│   │   ├── update.go
│   │   └── output.go
│   ├── pypi/              # PyPI API client
│   │   ├── client.go      # HTTP client with caching
│   │   ├── cache.go       # File-based cache (ETag)
│   │   └── version.go     # PEP 440 version parser
│   ├── osv/               # Vulnerability scanner
│   │   └── client.go      # Batch CVE queries
│   ├── pyproject/         # TOML parser/writer
│   ├── requirements/      # requirements.txt parser
│   ├── config/            # Configuration loader
│   └── ui/                # Terminal colors/spinners
├── pkg/types/             # Shared type definitions
├── testdata/              # Sample files
├── Justfile
└── .golangci.yml
```
```bash
# Run tests
go test ./...

# Lint
golangci-lint run

# Build
go build -o angela ./cmd/angela
```

© AngelaMos | CertGames.com | CarterPerez-dev | 2026