Metadata-Version: 2.4
Name: security-use
Version: 0.1.1
Summary: Security scanning tool for dependencies and Infrastructure as Code
Project-URL: Homepage, https://github.com/security-use/security-use
Project-URL: Repository, https://github.com/security-use/security-use
Project-URL: Issues, https://github.com/security-use/security-use/issues
Author-email: Security Use <security@example.com>
License-Expression: MIT
Keywords: cloudformation,dependencies,iac,scanner,security,terraform,vulnerability
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.10
Requires-Dist: click>=8.0.0
Requires-Dist: httpx>=0.25.0
Requires-Dist: packaging>=23.0
Requires-Dist: python-hcl2>=4.3.0
Requires-Dist: pyyaml>=6.0
Requires-Dist: rich>=13.0.0
Requires-Dist: tomli>=2.0.0; python_version < '3.11'
Provides-Extra: dev
Requires-Dist: mypy>=1.0.0; extra == 'dev'
Requires-Dist: pytest-asyncio>=0.21.0; extra == 'dev'
Requires-Dist: pytest>=7.0.0; extra == 'dev'
Requires-Dist: ruff>=0.1.0; extra == 'dev'
Requires-Dist: types-pyyaml>=6.0.0; extra == 'dev'
Description-Content-Type: text/markdown

# security-use

A security scanning library for Python projects that provides vulnerability scanning for dependencies and Infrastructure as Code (IaC) files.

## Features

- **Dependency Scanning**: Detect known vulnerabilities (CVEs) in Python packages
- **IaC Scanning**: Find security misconfigurations in Terraform, CloudFormation, and other IaC formats
- **Automated Fixes**: Generate and apply fixes for detected issues

## Installation

```bash
pip install security-use
```

## Usage

### Command Line

```bash
# Scan dependencies
security-use scan deps /path/to/project

# Scan IaC files
security-use scan iac /path/to/terraform

# Scan everything
security-use scan all /path/to/project

# Auto-fix vulnerable dependencies
security-use fix /path/to/project
```

### Python API

```python
from security_use import scan_dependencies, scan_iac

# Scan dependencies
result = scan_dependencies("/path/to/project")

for vuln in result.vulnerabilities:
    print(f"{vuln.package}: {vuln.severity.value}")

# Scan IaC
result = scan_iac("/path/to/terraform")

for finding in result.iac_findings:
    print(f"{finding.rule_id}: {finding.title}")
```

## License

MIT
