Skip to content

pipenv check --auto-install --scan fails #6405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
BehnazMoradabadi opened this issue May 12, 2025 · 1 comment
Open

pipenv check --auto-install --scan fails #6405

BehnazMoradabadi opened this issue May 12, 2025 · 1 comment

Comments

@BehnazMoradabadi
Copy link

BehnazMoradabadi commented May 12, 2025

Issue description

pipenv check --auto-install --scan --use-installed --key -API_KEY fails with an output value error during the vulnerability scan.

Expected result

The command should successfully complete the vulnerability scan and display the results.

Actual result

Error: Invalid value for '--output' (env var: 'None'): <ScanOutput.SCREEN: 'screen'> is not one of 'json', 'spdx', '[email protected]', '[email protected]', 'html', 'screen', 'none'.

And if I run
pipenv check --auto-install --scan --use-installed --key API_KEY --ouput json

it gives

Checking PEP 508 requirements...
Passed!
Scanning installed packages for vulnerabilities...
Created temporary requirements file: /tmp/pipenv_safety_6j89ag78.txt
Wrong format for the JSON report.

Steps to replicate

pipenv check --auto-install --scan --use-installed --key -API_KEY


$ pipenv --support

Pipenv version: '2025.0.2'

Pipenv location: '/usr/local/lib/python3.12/site-packages/pipenv'

Python location: '/usr/local/bin/python3.12'

OS Name: 'posix'

User pip version: '25.0.1'

user Python installations found:

  • 3.12.8: /home/user/.local/share/virtualenvs/source-ULxectDb/bin/python3
  • 3.12.8: /home/user/.local/share/virtualenvs/source-ULxectDb/bin/python
  • 3.12.8: /usr/local/bin/python3
  • 3.12.8: /usr/local/bin/python

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.12.8',
 'os_name': 'posix',
 'platform_machine': 'aarch64',
 'platform_python_implementation': 'CPython',
 'platform_release': '5.15.49-linuxkit-pr',
 'platform_system': 'Linux',
 'platform_version': '#1 SMP PREEMPT Thu May 25 07:27:39 UTC 2023',
 'python_full_version': '3.12.8',
 'python_version': '3.12',
 'sys_platform': 'linux'}

System environment variables:

  • HOSTNAME
  • DEBUG
  • SHLVL
  • HOME
  • USER_SELF_API_ENDPOINT
  • PYTHONUNBUFFERED
  • GPG_KEY
  • APPLICATION_VERSION
  • PS1
  • PYTHON_SHA256
  • PYTHONDONTWRITEBYTECODE
  • DJANGO_SUPERUSER_PASSWORD
  • USER_IDENTITY_API_ENDPOINT
  • PIP_DISABLE_PIP_VERSION_CHECK
  • TERM
  • PATH
  • POSTGRES_HOST
  • PIPENV_ACTIVE
  • LANG
  • VIRTUAL_ENV_PROMPT
  • PYTHON_VERSION
  • PIP_PYTHON_PATH
  • VIRTUAL_ENV
  • PWD

Pipenv–specific environment variables:

  • PIPENV_ACTIVE: 1
@rubyisbeautiful
Copy link

I am getting a slightly different failure from CI environment, which seems related to safety output.

$ pipenv check --scan --auto-install
Courtesy Notice:
Pipenv found itself running within a virtual environment,  so it will automatically use that environment, instead of  creating its own for any project. You can set
PIPENV_IGNORE_VIRTUALENVS=1 to force pipenv to ignore that environment and create  its own instead.
You can set PIPENV_VERBOSITY=-1 to suppress this warning.
Checking PEP 508 requirements...
Passed!
Scanning Pipfile.lock packages for vulnerabilities...
Created temporary requirements file: /tmp/pipenv_safety_kcisj9k4.txt
Safety package is required for vulnerability scanning but not installed.
Installing safety...
Safety installed successfully!
Usage: safety [GLOBAL-OPTIONS] scan [OPTIONS]
Try 'safety scan --help' for help.

Error: Invalid value for '--output' (env var: 'None'): <ScanOutput.SCREEN: 'screen'> is not one of 'json', 'spdx', '[email protected]', '[email protected]', 'html', 'screen', 'none'.
`pipenv --support`

$ pipenv --support

$ pipenv --support

Pipenv version: '2025.0.2'

Pipenv location: '/home/semaphore/.pyenv/3.12/lib/python3.12/site-packages/pipenv'

Python location: '/home/semaphore/.pyenv/3.12/bin/python'

OS Name: 'posix'

User pip version: '25.0.1'

user Python installations found:

  • 3.12.9: /home/semaphore/.pyenv/3.12/bin/python
  • 3.12.9: /home/semaphore/.pyenv/3.12/bin/python3
  • 3.9.21: /usr/bin/python3.9
  • 3.9.21: /bin/python3.9
  • 3.8.10: /usr/bin/python
  • 3.8.10: /usr/bin/python3.8
  • 3.8.10: /usr/bin/python3
  • 3.8.10: /bin/python
  • 3.8.10: /bin/python3.8
  • 3.8.10: /bin/python3
  • 2.7.18: /usr/bin/python2
  • 2.7.18: /usr/bin/python2.7
  • 2.7.18: /bin/python2
  • 2.7.18: /bin/python2.7
  • 3.10.14: /usr/bin/pypy3
  • 3.10.14: /bin/pypy3
  • 2.7.18: /usr/bin/pypy
  • 2.7.18: /bin/pypy

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.12.9',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '5.15.0-134-generic',
 'platform_system': 'Linux',
 'platform_version': '#145~20.04.1-Ubuntu SMP Mon Feb 17 13:27:16 UTC 2025',
 'python_full_version': '3.12.9',
 'python_version': '3.12',
 'sys_platform': 'linux'}

System environment variables:

  • SHELL
  • IQX_AWS_TF_BACKEND_REGION
  • _KERL_ERL_CALL_REMOVABLE
  • NVM_INC
  • SEMAPHORE_GIT_COMMITTER
  • SEMAPHORE_GIT_COMMIT_RANGE
  • SEMAPHORE_PROJECT_NAME
  • SEMAPHORE_WORKFLOW_TRIGGERED_BY_SCHEDULE
  • _KERL_SAVED_REBAR_CACHE_DIR
  • PYTHON_VERSION
  • LANGUAGE
  • SEMAPHORE_GIT_REF_TYPE
  • SEMAPHORE_PROJECT_ID
  • SSH_AUTH_SOCK
  • SEMAPHORE_GIT_BRANCH
  • AWS_DEFAULT_REGION
  • SEMAPHORE_CACHE_URL
  • SSH_AGENT_PID
  • RBENV_SHELL
  • SEMAPHORE_WORKFLOW_TRIGGERED_BY_API
  • SEMAPHORE_CACHE_PRIVATE_KEY_PATH
  • AWS_REGION
  • PWD
  • SEMAPHORE_JOB_TYPE
  • LOGNAME
  • XDG_SESSION_TYPE
  • _KERL_PATH_REMOVABLE
  • SEMAPHORE_CACHE_BACKEND
  • MANPATH
  • SEMAPHORE_PIPELINE_RERUN
  • SEMAPHORE_GIT_REF
  • PHPBREW_HOME
  • REBAR_PLT_DIR
  • SEMAPHORE_GIT_WORKING_BRANCH
  • SEMAPHORE_PIPELINE_PROMOTION
  • SEMAPHORE_WORKFLOW_HOOK_SOURCE
  • MOTD_SHOWN
  • HOME
  • LANG
  • SEMAPHORE_GIT_DIR
  • VIRTUAL_ENV
  • SEMAPHORE_PIPELINE_ARTEFACT_ID
  • _KERL_REBAR_PLT_DIR_SET
  • ERL_AFLAGS
  • LC_TERMINAL
  • AWS_SECRET_ACCESS_KEY
  • SEMAPHORE_JOB_CREATION_TIME
  • ASDF_VERSION
  • SEMAPHORE_GIT_COMMIT_AUTHOR
  • SEMAPHORE_GIT_REPO_NAME
  • SEMAPHORE_CACHE_USERNAME
  • SEMAPHORE_WORKFLOW_TRIGGERED_BY
  • SSH_CONNECTION
  • SEMAPHORE_ERLANG_VERSION
  • GOROOT
  • SEMAPHORE_AGENT_MACHINE_TYPE
  • SEMAPHORE_GIT_URL
  • SEMAPHORE_WORKFLOW_RERUN
  • SEMAPHORE_JOB_NAME
  • PHPBREW_PATH
  • SEMAPHORE
  • NVM_DIR
  • SEMAPHORE_WORKFLOW_ID
  • SEMAPHORE_GIT_REPO_SLUG
  • TF_VERSION
  • PHPBREW_ROOT
  • SEMAPHORE_WORKFLOW_NUMBER
  • _KERL_SAVED_REBAR_PLT_DIR
  • XDG_SESSION_CLASS
  • TERM
  • ASDF_DIR
  • LIBVIRT_DEFAULT_URI
  • USER
  • SEMAPHORE_WORKFLOW_TRIGGERED_BY_MANUAL_RUN
  • USE_ROOT_UBUNTU_SOURCES
  • SEMAPHORE_ARTIFACT_TOKEN
  • SEMAPHORE_PIPELINE_ID
  • SEMAPHORE_GIT_PROVIDER
  • LC_TERMINAL_VERSION
  • DISPLAY
  • SHLVL
  • NVM_CD_FLAGS
  • SEMAPHORE_JOB_ID
  • SEMAPHORE_AGENT_MACHINE_ENVIRONMENT_TYPE
  • PAGER
  • AWS_ACCESS_KEY_ID
  • _KERL_ERL_AFLAGS_SET
  • XDG_SESSION_ID
  • VIRTUAL_ENV_PROMPT
  • _KERL_REBAR_CACHE_DIR_SET
  • SEMAPHORE_ORGANIZATION_URL
  • SEMAPHORE_AGENT_MACHINE_OS_IMAGE
  • SEMAPHORE_TOOLBOX_METRICS_ENABLED
  • XDG_RUNTIME_DIR
  • SSH_CLIENT
  • SEMAPHORE_GIT_SHA
  • REBAR_CACHE_DIR
  • PHPBREW_PHP
  • LC_ALL
  • SSH_PRIVATE_KEY_PATH
  • ELIXIR_VERSION
  • XDG_DATA_DIRS
  • PATH
  • _KERL_ACTIVE_DIR
  • SEMAPHORE_PIPELINE_0_ARTEFACT_ID
  • CI
  • _KERL_MANPATH_SET
  • DBUS_SESSION_BUS_ADDRESS
  • _KERL_MANPATH_REMOVABLE
  • NVM_BIN
  • SSH_TTY
  • SEMAPHORE_CACHE_ARCHIVE_METHOD
  • MIX_ARCHIVES
  • SEMAPHORE_WORKFLOW_TRIGGERED_BY_HOOK
  • SEMAPHORE_PIPELINE_PROMOTED_BY
  • OLDPWD
  • SEMAPHORE_SCALA_VERSION
  • BASH_FUNC_checksum%%
  • BASH_FUNC_checkout%%
  • _
  • PIP_DISABLE_PIP_VERSION_CHECK
  • PYTHONDONTWRITEBYTECODE

Pipenv–specific environment variables:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants