Skip to content

Quickstart

Run as a GitHub Action

steps:
  - uses: actions/checkout@v7
  - uses: Halfblood-Prince/trustcheck@v3
    with:
      target: requirements.txt
      policy: strict

This produces and uploads trustcheck-report.txt. The action fails when the configured policy fails. Set format: json for a JSON artifact.

Inspect the latest release

trustcheck inspect requests

Inspect a specific version

trustcheck inspect sampleproject --version 4.0.0

Show only known vulnerabilities

trustcheck scan sampleproject --version 4.0.0

Merge and enrich vulnerability intelligence

trustcheck scan jinja2 \
  --version 2.10.0 \
  --with-osv \
  --with-ecosystems \
  --osv-url https://advisories.example.com \
  --with-kev \
  --with-epss

Configured OSV-compatible providers run concurrently. Records are merged by advisory identifiers and aliases, then normalized with CVSS, CWE, fix-version, withdrawal, KEV, and EPSS fields.

Block a selected vulnerability class:

trustcheck scan -f requirements.txt --fail-on-vulnerability critical
trustcheck scan -f requirements.txt --fail-on-vulnerability kev
trustcheck scan -f requirements.txt --fail-on-vulnerability fixable

Require a known source repository

trustcheck inspect sampleproject \
  --version 4.0.0 \
  --expected-repo https://github.com/pypa/sampleproject

Show per-file evidence

trustcheck inspect sampleproject --version 4.0.0 --verbose

Inspect direct dependencies too

trustcheck inspect sampleproject --version 4.0.0 --with-deps

Inspect the full dependency tree

trustcheck inspect sampleproject --version 4.0.0 --with-transitive-deps

Scan a requirements-style file

trustcheck scan -f requirements.txt

Pip resolves the complete dependency set before trustcheck audits it. Nested requirements, constraints, hashes, editable installs, and VCS references are supported.

Verify and install dependencies

trustcheck install -r requirements.txt --policy strict
trustcheck install -r requirements.txt --lock trustcheck.lock
trustcheck install requests==2.32.5 --require-provenance

trustcheck install closes the check-to-install gap: it resolves the complete graph, verifies the selected wheels, fails before pip runs when policy fails, and installs only from a temporary local wheelhouse with --no-index and --find-links. Source distributions are rejected by default unless --allow-sdist is passed. Each run writes trustcheck.lock, trustcheck-install-report.json, and trustcheck-install-attestation.json.

Prioritize vulnerable packages by source usage

trustcheck impact -f requirements.lock --source .

Impact triage answers which vulnerable packages are directly imported, reachable through imported dependencies, test-only, development-only, not observed in project source, or unknown because dynamic loading is present. It never claims "not exploitable"; no first-party usage means only that static analysis did not observe usage. Dynamic imports, plugins, and runtime configuration still require manual review.

Resolve potentially untrusted input in Bubblewrap or Docker/Podman, with a wheel-only fallback when neither runtime is available:

trustcheck scan -f requirements.txt --sandbox auto

--sandbox auto is the default. --sandbox warn remains an explicit compatibility mode that preserves host pip behavior and warns that source metadata hooks may execute. The GitHub Action defaults to strict, which rejects editable, local non-wheel, VCS, direct non-wheel, and source-only requirements.

trustcheck scan -f requirements.txt --constraint constraints.txt

Scan a TOML dependency file

trustcheck scan -f pyproject.toml

Select extras and dependency groups:

trustcheck scan -f pyproject.toml --extra security --group test

Inspect a supported lockfile

trustcheck inspect -f uv.lock --with-transitive-deps

Supported lockfiles are PEP 751 pylock.toml and named pylock.<name>.toml files, Pipfile.lock, uv.lock, poetry.lock, and pdm.lock. Exact locked versions, source indexes, artifact URLs, sizes, and hashes are retained during inspection. Hash-pinned pip-tools output is recognized as a requirements input.

Scan a private index

trustcheck scan -f requirements.txt \
  --index-url https://username@packages.example.com/simple \
  --keyring-provider subprocess

Add --extra-index-url for each fallback index. Trustcheck stops by default when the same normalized project name exists on multiple configured indexes, which identifies a dependency-confusion opportunity.

Audit an installed environment

trustcheck environment

Audit an explicit environment without activating it:

trustcheck environment --path .venv/lib/python3.12/site-packages

Inspect artifact contents

trustcheck inspect sampleproject \
  --version 4.0.0 \
  --inspect-artifacts \
  --verbose

Artifact inspection is opt-in. It reads wheel and sdist archives without extracting them, importing modules, or executing package code. It validates RECORD, parses bounded Python source with ast, and inspects PE, ELF, and Mach-O structure, imports, signature-record presence, entropy, and embedded payload signatures. Add repeatable --trusted-project NAME values for local typosquatting references. Every malicious-package result is a heuristic review indicator, not proof of malware.

When dependency inspection is enabled, the text report adds a dependency summary with the number of declared and inspected dependencies, the maximum traversal depth, and the highest-risk dependency recommendation observed in the set. --with-deps inspects only direct dependencies. --with-transitive-deps continues recursively through nested dependencies too.

Emit machine-readable JSON

trustcheck inspect sampleproject --version 4.0.0 --format json

To emit combined JSON for every package in a requirements-style or TOML dependency file:

trustcheck scan -f requirements.txt --format json

Write SARIF or an SBOM

trustcheck scan -f requirements.txt \
  --format sarif \
  --output-file reports/trustcheck.sarif

trustcheck scan -f pylock.toml \
  --format cyclonedx-json \
  --output-file reports/trustcheck.cdx.json

Other formats are cyclonedx-xml, cyclonedx-1.7-json, cyclonedx-1.7-xml, spdx-json, spdx-3-json, openvex, and markdown.

To emit only the known vulnerability records in JSON:

trustcheck scan sampleproject --version 4.0.0 --format json

Enforce a conservative gate

trustcheck inspect sampleproject --version 4.0.0 --strict

What to look for

A strong result usually includes:

  • verified provenance for all discovered release artifacts
  • publisher identity details tied to a repository and workflow
  • no high-severity risk flags
  • no repository mismatch against your expected source

A weaker but still potentially acceptable result is metadata-only, which means trustcheck did not obtain a fully verified artifact set but also did not detect enough risk to escalate the release.

A review-required result can include packages that publish no provenance at all. That is weaker than a fully verified release, but it is intentionally distinct from stronger negative evidence such as failed verification or mismatched provenance.