Metadata-Version: 2.4
Name: cve-triage
Version: 0.1.0
Summary: A Python library that parses dependency lockfiles, queries vulnerability databases (OSV.dev), and enriches results with EPSS scores.
License: MIT
License-File: LICENSE
Keywords: security,vulnerability,cve,epss,osv,triage,dependency,lockfile
Author: Your Name
Author-email: your.email@example.com
Requires-Python: >=3.9,<4.0
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Dist: httpx (>=0.27.0,<0.28.0)
Requires-Dist: packageurl-python (>=0.11.0,<0.12.0)
Requires-Dist: pydantic (>=2.0,<3.0)
Project-URL: Homepage, https://github.com/yourusername/cve-triage
Project-URL: Repository, https://github.com/yourusername/cve-triage
Description-Content-Type: text/markdown

# cve-triage

`cve-triage` is a Python library that parses common dependency lockfiles, queries vulnerability databases (OSV.dev), and enriches the results with EPSS (Exploit Prediction Scoring System) scores. It returns structured, typed data optimized for programmatic consumption, CI/CD pipelines, and AI agent workflows.

## Problem Statement

Identifying and prioritizing vulnerable dependencies is a fragmented process. Existing tools are often CLI-focused, produce unstructured output, or lack exploitability context (EPSS). AI agents and automated security pipelines need a reliable, programmatic way to parse lockfiles, fetch vulnerabilities, and prioritize them using exploitability scores without dealing with raw API responses or scraping.

## Features

- **Lockfile Parsing:** Supports `requirements.txt`, `poetry.lock`, `package-lock.json`, and `go.sum`.
- **Vulnerability Querying:** Fetches known vulnerabilities via the OSV.dev API.
- **EPSS Enrichment:** Attaches EPSS scores and percentiles from FIRST.org to prioritize vulnerabilities.
- **Structured Output:** Returns fully typed Pydantic models, making it trivial to serialize to JSON for AI agents or APIs.
- **Asynchronous API:** Provides `async` methods for high-performance batch querying.
- **Configurable Thresholds:** Filter results by EPSS score or CVSS severity.

## Installation


