safety
`safety` is a tiny tool that checks your package’s dependencies for known security vulnerabilities. It is free to use for open-source projects, and using it is as simple as `pip install safety` followed by `safety check`.
It checks your installed packages against a database of known security vulnerabilities. The free database is only updated once a month; if your project is not open-source, or you need the more frequently updated database, you can subscribe via pyup.
With that caveat, it’s not perfect, but it’s better than nothing. An easy CI win for open-source projects.
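As an added example that is not from the original post, here is a GitHub Actions workflow that turns the check into that CI step; the workflow name, the schedule and the `requirements.txt` path are assumptions.

```yaml
# Added example (not from the original post): a GitHub Actions job that
# installs the project's dependencies and runs the free `safety check`
# against the installed environment, so transitive dependencies are
# covered as well. Assumes dependencies are listed in requirements.txt.
name: dependency-audit

on:
  push:
  pull_request:
  schedule:
    # Re-run weekly so newly published advisories surface without a code change.
    - cron: "0 6 * * 1"

jobs:
  safety:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - name: Install project dependencies and safety
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install safety
      - name: Audit installed packages against the vulnerability database
        # A non-zero exit code from safety fails the job, so a dependency with
        # a known vulnerability blocks the merge. The free database is refreshed
        # monthly; a pyup subscription gives the more frequently updated one.
        run: safety check --full-report
```

Running `safety check` with no arguments audits whatever is installed in the job's environment, which is why the workflow installs the project's requirements first.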
[I first learned of this tool here. Many thanks to calmcode for continuing to make these really useful videos.]