Safety CLI is PyUp's popular open-source command-line tool for scanning Python dependencies for security and compliance risks.
It's our swiss-army knife tool that can be used in a variety of ways and situations, from securing developer machines, to build pipelines and production systems.
Safety is available directly from PyPI and is easy to install:
pip install safety
Once installed, open a command line, change to the Python codebase you want to scan, and run the security scan using Safety:
safety check --key <your_api_key>
In this example, Safety scans your local Python environment for every installed package or dependency and checks each one against our industry-leading Python Dependency Vulnerability database.
Safety can be configured in a variety of ways, including:
- The type of scan:
  - Scanning for security vulnerabilities in your dependencies
  - Scanning for open source licenses in your dependencies
- The scan target:
  - Scanning specific requirements (or dependency) files, like a requirements.txt file
  - Scanning every dependency installed in a Python environment (recommended)
- The output format from the scan:
  Safety can output a few different formats, including output to the command line, plain text, JSON, or bare (binary) output. It also returns exit codes based on the results of the scan, so that you can drop Safety into any CI/CD pipeline.
Because Safety is so flexible in its configuration, inputs and outputs, it can be used in a variety of cases, including:
- Scanning your Python dependencies inside GitHub, GitLab and Bitbucket
- Being inserted into any CI/CD build or testing pipeline
- Running locally in development environments, for example by adding Safety to a git pre-commit hook
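The pre-commit use case above, as an added example that is not part of the Safety project or its documentation: a hook that runs `safety check` on each staged requirements file, saves the JSON report, and relies on Safety's exit code to block the commit. The file-name pattern, the report file names and the `SAFETY_API_KEY` variable are this hook's own assumptions.

```sh
#!/bin/sh
# Hypothetical git pre-commit hook (added example, not part of the Safety
# project): runs "safety check" on each staged requirements file and blocks
# the commit when Safety exits non-zero. The file pattern, report names and
# the SAFETY_API_KEY variable are this hook's own choices.
set -u

# Keep only paths that look like pip requirements files. Reads one path per
# line on stdin so the filter can be exercised without a git repository.
filter_requirements_files() {
    grep -E '(^|/)requirements[^/]*\.txt$' || true
}

# Translate Safety's exit status into a one-word verdict: Safety exits 0 when
# no known vulnerabilities are found and non-zero otherwise, which is what
# makes it usable as a gate in a hook or a CI job.
verdict() {
    if [ "$1" -eq 0 ]; then echo "clean"; else echo "vulnerable"; fi
}

# Scan one requirements file and save the JSON report so it can be archived
# or post-processed. Returns Safety's own exit status.
scan_requirements() {
    req="$1"
    report="${2:-safety-report.json}"
    key_args=""
    [ -n "${SAFETY_API_KEY:-}" ] && key_args="--key $SAFETY_API_KEY"
    # shellcheck disable=SC2086  # key_args is meant to be word-split
    safety check -r "$req" --json $key_args > "$report"
}

main() {
    command -v safety >/dev/null 2>&1 || {
        echo "safety is not installed; run: pip install safety" >&2
        exit 1
    }
    status=0
    for f in $(git diff --cached --name-only --diff-filter=ACM | filter_requirements_files); do
        rc=0
        scan_requirements "$f" "safety-$(basename "$f").json" || rc=$?
        echo "$f: $(verdict "$rc")"
        [ "$rc" -ne 0 ] && status=$rc
    done
    exit "$status"
}

# Run the hook body only when installed as .git/hooks/pre-commit, so the
# functions above can be sourced and tested on their own.
if [ "${0##*/}" = "pre-commit" ]; then main; fi
```

Copy the script to `.git/hooks/pre-commit` and make it executable; staged paths containing spaces are not handled by the `for` loop.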
To read detailed documentation about Safety and its command-line options, head to its README on GitHub.