{"id":10334,"library":"uv-secure","title":"uv-secure","description":"uv-secure is a command-line tool that scans your uv.lock file for dependencies with known vulnerabilities. It provides a quick way to check that your project's Python dependencies, managed by `uv`, are free of published advisories. The library is actively maintained with frequent releases, often including dependency updates and minor feature enhancements.","status":"active","version":"0.17.1","language":"en","source_language":"en","source_url":"https://github.com/owenlamont/uv-secure","tags":["security","vulnerability-scanning","uv","dependency-management","cli"],"install":[{"cmd":"pip install uv-secure","lang":"bash","label":"Install uv-secure"},{"cmd":"uv tool install uv-secure","lang":"bash","label":"Install uv-secure as an isolated uv tool"}],"dependencies":[{"reason":"uv-secure operates on `uv.lock` files, which are generated by the `uv` dependency manager.","package":"uv","optional":false}],"imports":[],"quickstart":{"code":"# First, ensure you have uv installed and a uv.lock file.\n# uv.lock is produced by uv's project workflow (uv lock / uv sync / uv add)\n# inside a project that has a pyproject.toml; `uv pip freeze` does NOT create it.\n# pip install uv\n# cd your_project_directory\n# uv lock\n\n# Then, run uv-secure\nuv-secure scan\n\n# Example with additional options (introduced in 0.16.0)\nuv-secure scan --min-severity critical --ignore-unfixed","lang":"bash","description":"To use `uv-secure`, you must first generate a `uv.lock` file for your project with `uv lock` (or `uv sync`) in a project that has a `pyproject.toml`. Once the lock file exists, run `uv-secure scan` in the same directory. Findings are printed to the console, detailing any vulnerabilities found. Additional flags filter by severity or ignore issues that have no fixed version available."},"warnings":[{"fix":"This is intended behavior. If you wish to ignore these, you can use the `.uv-secure-ignore` configuration file to explicitly silence reports for `uv-secure`'s internal dependencies if they are not relevant to your project's risk profile.","message":"Since version 0.16.0, `uv-secure` will also report vulnerabilities found in its own dependencies. This is by design, to ensure the scanning tool itself is secure, but it might be unexpected if you only anticipate reports on your project's own dependencies.","severity":"gotcha","affected_versions":">=0.16.0"},{"fix":"Ensure `uv` is installed and run `uv lock` (or `uv sync`) in the project directory, the one containing `pyproject.toml`, to create `uv.lock` before running `uv-secure`. Note that `uv pip freeze` writes requirements-style output, not a `uv.lock` file.","message":"`uv-secure` strictly requires a `uv.lock` file to be present in the directory where it's executed, or specified via the `--lock-file` option. If `uv` has not been used to generate this file, `uv-secure` will fail.","severity":"breaking","affected_versions":"All versions"},{"fix":"Review `uv-secure --help` and the official documentation for version 0.16.0 and later to understand and leverage the new filtering and ignore capabilities in your CI/CD pipelines or local development.","message":"New filtering and configuration options, such as `--ignore-unfixed`, `--min-severity`, and `--error-on-unused-ignores`, were introduced in version 0.16.0. Users upgrading from earlier versions might miss these controls for customizing scan reports and enforcing stricter compliance.","severity":"gotcha","affected_versions":">=0.16.0"}],"env_vars":null,"last_verified":"2026-04-17T00:00:00.000Z","next_check":"2026-07-16T00:00:00.000Z","problems":[{"fix":"Generate `uv.lock` with `uv lock` in the project directory (the one containing `pyproject.toml`). Run `uv-secure scan` from the same directory where `uv.lock` resides, or provide the path with `--lock-file PATH_TO_LOCK_FILE`.","cause":"`uv-secure` could not find the `uv.lock` file in the current directory or at the specified path.","error":"Error: No such file or directory: 'uv.lock'"},{"fix":"Install `uv-secure` via pip: `pip install uv-secure` (or `uv tool install uv-secure`). If it's already installed, ensure your shell's PATH includes the directory where Python installs scripts (e.g., `~/.local/bin` or a virtual environment's `bin` directory).","cause":"`uv-secure` is either not installed or its installation directory is not included in your system's PATH environment variable.","error":"uv-secure: command not found"},{"fix":"Consult `uv-secure --help` to see the list of valid options for your installed version. Check the release notes if you recently updated the tool, as options might have changed.","cause":"You are using a command-line argument that is not recognized by the current version of `uv-secure`. This can happen if an option was removed, renamed, or you made a typo.","error":"Error: unrecognized arguments: --some-invalid-flag"}]}