venomcheck
Version updated for https://github.com/nevoodoo/venomcheck to version v0.1.0-beta.1.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
Venomcheck is a GitHub Action and CLI tool designed to scan Python dependencies for vulnerabilities while identifying their origin in the dependency chain. It addresses the common challenge of understanding why a vulnerable package is included in a project and whether it can be fixed through upgrades. Key capabilities include tracing transitive dependencies, identifying fixable vulnerabilities, handling monorepos, and providing actionable reports for improved dependency management.
What’s Changed
- chore: bump version to 0.1.0-beta.1 (#1) (24da963)
- docs: add context to uv/pip usage examples (df17e64)
- docs: restructure usage section with consistent format (67bf25e)
- docs: use common packages in example output (68b176b)
- feat: redesign README and trigger releases on PR merge (7a0af19)
- feat: add release workflow with auto-generated changelogs (ed4c9bc)
- docs: clarify dependency requirements for pip vs uv modes (0604043)
- docs: add origin and attribution section to README (a04cf14)
- feat: initial commit - venomcheck (fd1d5ee)