hghhgh · Albertsama81 · Feb 6, 2026
diff --git a/200/app/api/security_scan.py b/200/app/api/security_scan.py
@@ -0,0 +1,28 @@
+# app/api/security_scan.py
+from fastapi import APIRouter, HTTPException
+from app.core.dependency_scan import check_vulnerabilities
+
+router = APIRouter()
+
+@router.get("/security/dependency-scan")
+def dependency_scan():
+    try:
+        vulnerabilities = check_vulnerabilities()
+    except Exception as e:
+        raise HTTPException(
+            status_code=500,
+            detail=str(e)
+        )
+
+    if vulnerabilities:
+        raise HTTPException(
+            status_code=409,
+            detail={
+                "message": "Vulnerable dependencies detected",
+                "count": len(vulnerabilities),
+                "vulnerabilities": vulnerabilities,
+                "action": "Update or patch affected packages"
+            }
+        )
+
+    return {"status": "clean"}
diff --git a/200/app/core/dependency_scan.py b/200/app/core/dependency_scan.py
@@ -0,0 +1,21 @@
+# app/core/dependency_scan.py
+import subprocess
+import json
+
+def check_vulnerabilities():
+    result = subprocess.run(
+        ["pip-audit", "--format", "json"],
+        capture_output=True,
+        text=True
+    )
+
+    # اگر pip-audit اجرا نشد
+    if result.returncode not in (0, 1):
+        raise RuntimeError(f"Dependency scan execution failed: {result.stderr}")
+
+    # returncode == 1 یعنی vulnerability پیدا شده
+    if result.stdout:
+        data = json.loads(result.stdout)
+        return data.get("vulnerabilities", [])
+
+    return []
diff --git a/200/app/main.py b/200/app/main.py
@@ -0,0 +1,7 @@
+# app/main.py
+from fastapi import FastAPI
+from app.api import security_scan
+
+app = FastAPI()
+
+app.include_router(security_scan.router)
diff --git a/200/requirments.txt b/200/requirments.txt
@@ -0,0 +1,6 @@
+fastapi
+uvicorn
+pip-audit
+python-multipart
+requests
+setuptools