Flask>=3.0,<4.0
Werkzeug>=3.0,<4.0  # password hashing (ships with Flask; pinned for clarity)
pyotp>=2.9,<3.0    # TOTP MFA (authenticator-app codes)
qrcode[pil]>=7.4   # render enrollment QR codes server-side
reportlab>=4.0,<5.0 # branded PDF report export (v7)
paramiko>=3.0,<4.0 # v13 Patch and Remedy: OS updates/upgrades over SSH
# v10r1 Docker scanning: the Docker Engine API client and CIS audit use only the
# Python stdlib (no extra packages). Per-image CVE scanning is optional and uses
# an EXTERNAL binary - Trivy (preferred) or Grype - if present on PATH. Install
# one of them on the NetscanXi host/container to enable image vulnerability
# scanning + SBOM. The Dockerfile installs Trivy automatically.
