Python Security for AWS Lambda Functions AWS Lambda
Scan Python requirements.txt for CVEs in AWS Lambda. Prevent vulnerable pip packages from deploying to Lambda.
Python security for Lambda
Scan requirements.txt before packaging Lambda deployment artifacts.
# In buildspec.yml or GitHub Actions for Lambda: - pip install pip-audit - pip-audit -r requirements.txt - pip install -r requirements.txt -t ./package - cd package && zip -r ../deployment.zip .
✓ Manual Scan
For a quick one-off scan before deployment, paste your manifest into PackageFix — no pipeline setup needed.
Scan your dependencies now — paste your manifest, get a fixed version back in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
How do I add dependency scanning to AWS Lambda?
Add OSV Scanner or the ecosystem-specific audit tool to your AWS Lambda build configuration. The config snippet above works out of the box.
Does PackageFix integrate with CI/CD pipelines?
PackageFix is a browser tool for manual scans. For automated CI scanning, use OSV Scanner (Google) or pip-audit/npm audit in your pipeline. PackageFix generates the Renovate config and GitHub Actions workflow you can copy.
How do I fail a AWS Lambda build on critical CVEs?
Add --audit-level=critical to npm audit, or --fail-on=critical to pip-audit. The pipeline aborts if critical CVEs are found.
What is the OSV Scanner?
OSV Scanner is Google's open-source CLI tool that queries the same OSV database PackageFix uses. It's ideal for CI/CD integration.