Hi,
I have a project with a dependency on a package hosted in a private index. The private index is a Google Artifact Registry.
This project uses a requirements.txt file to handle the dependencies.
I'm authenticating through the keyring with the Google Artifact Registry backend. I'm authenticated and have the right permissions in Google Cloud.
I can install my private package without issue by providing the extra index url:
pip install --extra-index-url MY_INDEX_URL -r requirements/requirements.txt
However, when I run pip-audit with --extra-index-url it can't find the package:
pip-audit -vvvv --extra-index-url MY_INDEX_URL -r requirements/requirements.txt
I expected pip-audit to be able to analyze the dependencies (at least the public ones)
Actual behavior
pip-audit returns an error because it could not find the private package.
Reproduction steps
requirements.txt file with a package hosted in a Google Artifact Registry with a correct setup of the keyring
pip-audit -vvvv --extra-index-url MY_INDEX_URL -r requirements/requirements.txt
DEBUG:pip_audit._cli:parsed arguments: Namespace(local=False, requirements=[<_io.TextIOWrapper name='requirements/requirements.txt' mode='r' encoding='UTF-8'>], project_path=None, format=<OutputFormatChoice.Columns: 'columns'>, vulnerability_service=<VulnerabilityServiceChoice.Pypi: 'pypi'>, dry_run=False, strict=False, desc=<VulnerabilityDescriptionChoice.Auto: 'auto'>, aliases=<VulnerabilityAliasChoice.Auto: 'auto'>, cache_dir=None, progress_spinner=<ProgressSpinnerChoice.On: 'on'>, timeout=15, paths=[], verbose=4, fix=False, require_hashes=False, index_url=None, extra_index_urls=['MY_INDEX_URL'], skip_editable=False, no_deps=False, output=PosixPath('stdout'), ignore_vulns=[], disable_pip=False)
ERROR:pip_audit._virtual_env:internal pip failure: [...]
ERROR: Could not find a version that satisfies the requirement MY_PRIVATE_PACKAGE==X.Y.Z (from versions: none)
ERROR: No matching distribution found for MY_PRIVATE_PACKAGE==X.Y.Z
ERROR:pip_audit._cli:Failed to install packages: ['/var/folders/nl/jq_nzg654wn573pkhr9949xh0000gn/T/tmpful3a4s9/bin/python3.11', '-m', 'pip', 'install', '--no-input', '--extra-index-url', 'MY_INDEX_URL', '--dry-run', '--report', '/var/folders/nl/jq_nzg654wn573pkhr9949xh0000gn/T/tmpn0nqqkdw/tmpcz4kjwr9', '-r', 'requirements/requirements.txt']
Additional context
No response
OS name, version, and architecture
Mac OS 14.2.1 Apple Silicon & Ubuntu 22.04 x86_64
pip-audit version
2.7.1
pip version
24.0
Python version
3.11