Python ZIP Application Support

Description

Contributor guide

Tech stack

pythongo

Domain

backendsecurity

Issue type

feature

DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.

3

Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.

1-2 days

Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.

fresh

ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.

mostly clear

Prerequisites

Python packagingGo developmentTrivy internals

Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.

50

Research direction

Review the linked discussion (#4239) for design considerations. Study PEP 441 to understand the zipapp format. Examine Trivy's existing Python scanning code (e.g., in pkg/fanal/analyzer/analyzer python.go) to determine where to add zipapp support. Implement parsing of zipapp files to extract metadata and dependencies.