I haven't used pulp so I am not sure but yes in theory. Several schemes are curr... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		intense_feel on April 11, 2023 \| parent \| context \| favorite \| on: Aura – Python source code auditing and static anal... I haven't used pulp so I am not sure but yes in theory. Several schemes are currently supported via URIs (pypi://, git://, http(s):// etc...) so if the destination to scan can be formatted as one of the already supported URI schemes then you can already scan it. URI providers are also using plugin architecture so adding a new one for better integration with pulp (such as autodiscovering packages) should be trivial. Thank you for the suggestion, the pulp project looks interesting and I would definitely check it out!

westurner on April 14, 2023 [–]

Gitea can also (scan and build and test and) host python packages [1], conda packages [2], container images, etc.

[1] https://docs.gitea.io/en-us/usage/packages/pypi/

[2] https://docs.gitea.io/en-us/usage/packages/conda/

https:// URLs probably already solve for scanning Python packages hosted by Gitea and/or Pulp with Aura.

From https://news.ycombinator.com/item?id=33563857 :

> Additional lists of static analysis, dynamic analysis, SAST, DAST, and other source code analysis tools: https://news.ycombinator.com/item?id=24511280 https://analysis-tools.dev/tools?languages=python

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact