This plugin is designed to operate as part of Ochrona Security, a solution for validating the dependencies used in Python projects.
Ochrona requires a license to operate. We offer a free-tier license which allows up to 25 scans per month. You can sign up for an API key at https://ochrona.dev.
Learn more at Ochrona.dev
This extension adds the Ochrona command, which detects all known Python dependency files and checks them against Ochrona's repository of known Python vulnerabilities.
In the command palette (CMD + SHIFT + P), type Ochrona.
Ochrona supports the following file types:
- *requirements*.txt
- Pipfile.lock
- poetry.lock
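The following Python example is added here and is not the extension's code: it finds the three supported file types under a project directory and extracts the exactly pinned name/version pairs that a dependency check has to look up. The function names, the SAMPLE project and its package versions are constructed for illustration, and nothing here calls the Ochrona API.

```python
import fnmatch
import json
import re
import tempfile
from pathlib import Path

PATTERNS = ("*requirements*.txt", "Pipfile.lock", "poetry.lock")  # supported-file list above
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;#\\]+)")

def parse_requirements(text):
    """Exact pins only; comments, options (-r, -e) and ranges are skipped."""
    return [(m[1].lower(), m[2]) for m in map(PIN.match, map(str.strip, text.splitlines())) if m]

def parse_pipfile_lock(text):
    """Pipfile.lock is JSON; versions are '==x.y.z' under default/develop."""
    data = json.loads(text)
    return [(n.lower(), m["version"][2:]) for s in ("default", "develop")
            for n, m in data.get(s, {}).items() if str(m.get("version", "")).startswith("==")]

def parse_poetry_lock(text):
    """Minimal name/version reader per [[package]] table, not a full TOML parser."""
    pins = []
    for block in text.split("[[package]]")[1:]:
        head = re.split(r"^\[", block, maxsplit=1, flags=re.M)[0]  # stop at sub-tables
        kv = dict(re.findall(r'^(name|version)\s*=\s*"([^"]+)"', head, re.M))
        if len(kv) == 2:
            pins.append((kv["name"].lower(), kv["version"]))
    return pins

PARSERS = {"Pipfile.lock": parse_pipfile_lock, "poetry.lock": parse_poetry_lock}

def collect_pins(root):
    """Map each supported file under root to its pins; {} means nothing to scan."""
    files = [p for p in sorted(Path(root).rglob("*")) if p.is_file()
             and any(fnmatch.fnmatch(p.name, pat) for pat in PATTERNS)]
    return {p.relative_to(root).as_posix(): PARSERS.get(p.name, parse_requirements)(
        p.read_text(encoding="utf-8")) for p in files}

SAMPLE = {  # constructed sample project, not real scan data
    "dev-requirements.txt": "Requests[security]==2.19.1\nflask>=1.0\n-r base.txt\n",
    "Pipfile.lock": json.dumps({"default": {"django": {"version": "==2.2.1"}, "local": {"path": "."}}}),
    "poetry.lock": '[[package]]\nname = "pyyaml"\nversion = "5.1"\n\n[package.dependencies]\nname = "x"\n',
    "notes.txt": "ignored: not a supported file name\n",
}

def demo():  # writes the constructed SAMPLE project to a temp directory and scans it
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return collect_pins(tmp)
```

Calling `demo()` returns the pins per file; unpinned entries such as `flask>=1.0` are left out because an exact version is needed for a lookup.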
A warning is displayed if a vulnerability is discovered.
A brief report is included in the VS Code Output tab for any discovered vulnerabilities.
You can re-run the plugin by clicking the Ochrona Status Bar Icon.
An Ochrona API key is required for use of this extension. You may register for a free license at Ochrona.dev.
To set this, open the VS Code Settings (Code -> Preferences -> Settings) or (CMD + ,)
- Short-circuit run if no files are found.
- Added support for poetry.lock files.
- Fixed bug in requirements.txt file parsing.
- Adding warning when API Key is missing.
- Stop spinner if request fails.
- Added new invalid requirements.txt patterns.
- Updated for new Ochrona API.
- Support for checking *requirement*.txt and Pipfile.lock files for known python vulnerabilities.