Security vulnerability alerts for Python - support for requirements.txt with comments

Hello, first of all, this is an awesome feature, GH! Thanks!

Do you know if there is any further plan for supporting comments in requirements.txt files? This is pip-compatible syntax and hence commonly used in many repositories.

Currently, requirements.txt files with comments are treated as an invalid dependency source by the GitHub Dependency Graph and unfortunately cannot be detected as a proper source for packages.

Example of requirements.txt with comments:

```
# Production dependencies
# Use pip install -r requirements.txt inside the virtualenv

django==2.0
```

Many thanks!
Marcin

3 Likes
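How pip's documented comment rule applies to the file in the post above, as an added example that is not part of the thread and is not GitHub's parser: a line beginning with `#` is a comment, and `#` preceded by whitespace starts an inline comment, while a `#` inside a URL fragment is kept. The function names, the extra sample lines and the `example.invalid` URL are constructed for illustration; line continuations and option lines are out of scope.

```python
import re

# Comment rule as documented for pip requirements files: '#' at the start of
# a line, or '#' preceded by whitespace, begins a comment.
COMMENT_RE = re.compile(r"(^|\s+)#.*$")
# Hypothetical helper pattern: 'name==version', optionally with extras.
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*==\s*([^\s;]+)")


def strip_comments(text):
    """Return the non-empty requirement lines with comments removed."""
    lines = []
    for raw in text.splitlines():
        line = COMMENT_RE.sub("", raw).strip()
        if line:
            lines.append(line)
    return lines


def pinned_packages(text):
    """Map lower-cased package name -> exact pinned version."""
    pins = {}
    for line in strip_comments(text):
        match = PIN_RE.match(line)
        if match:
            pins[match.group(1).lower()] = match.group(3)
    return pins


# Constructed sample: the file from the post, plus an inline comment, an
# extras pin and a URL whose '#egg=' fragment must not be read as a comment.
SAMPLE = """\
# Production dependencies
# Use pip install -r requirements.txt inside the virtualenv

django==2.0
requests[security]==2.18.4  # inline comment
https://example.invalid/pkg.tar.gz#egg=pkg
"""

if __name__ == "__main__":
    for entry in strip_comments(SAMPLE):
        print(entry)
    print(pinned_packages(SAMPLE))
```

Comparing the pins this returns with what a scanner reports for the same file shows whether commented files are silently dropping dependencies from vulnerability alerting.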

Hi @kawa-marcin,

So glad to hear you’re getting value from the security vulnerability alerts!

As for comment support in the requirements.txt files, I can’t make any promises, but we’re always working to improve GitHub, and we consider every suggestion we receive. I’ve logged your feedback in our internal feature request list. Though I can’t guarantee anything or share a timeline for this, I can tell you that it’s been shared with the appropriate teams for consideration.

Please let me know if you have any other questions.

Cheers!