Getting started with Safety CLI

What is Safety Command Line Tool?

Safety CLI is PyUp's popular open-source command-line tool for scanning Python dependencies for security and compliance risks.

It's our Swiss Army knife tool that can be used in a variety of ways and situations, from securing developer machines to build pipelines and production systems.

Downloading Safety

Safety is available directly from PyPI, and is easy to install:
pip install safety

Running safety for the first time:

Once installed, navigate in your command line to the Python codebase you want to scan.

Now run the security scan using Safety:
safety check --key <your_api_key>

In this example, Safety is scanning your local Python environment for every package or dependency that is installed and checking it against our industry-leading Python Dependency Vulnerability database.

Safety's options and configurations:

Safety can be configured in a variety of ways, including:

What type of scan:
Scanning for security vulnerabilities in your dependencies
Scanning for open source licenses in your dependencies

The scan target:
Scanning specific requirements (or dependency files), like a requirements.txt file
Scanning every dependency installed in a Python environment (recommended)

The output format from the scan:
Safety can output a few different formats, including to the command line, text output, JSON, or bare (binary) output. It also returns exit codes based on the results of the scans, so that you can drop Safety into any CI/CD pipeline.
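
A CI gate built on the exit-code behaviour described above, as an added example that is not part of Safety's own documentation. It assumes the `-r` and `--json` options of `safety check`, an API key supplied in a `SAFETY_API_KEY` variable by the CI secret store, and a hypothetical `SAFETY_BIN` override for the executable name; it treats any non-zero exit as a failed scan rather than relying on a specific code.

```shell
#!/bin/sh
# CI gate around `safety check` (added example, not from the Safety project).
# Assumed: SAFETY_API_KEY comes from the CI secret store; SAFETY_BIN is a
# hypothetical override so the gate can be exercised against a stub.
SAFETY_BIN="${SAFETY_BIN:-safety}"

# run_safety_gate <requirements-file> <report-file>
#   0 = scan exited 0, 1 = scan exited non-zero, 2 = scan could not be run.
# Usage in a pipeline step: run_safety_gate requirements.txt report.json || exit 1
run_safety_gate() {
    req_file="$1"
    report="$2"

    # Fail closed: a scan that never ran must not look like a clean result.
    if ! command -v "$SAFETY_BIN" >/dev/null 2>&1; then
        echo "gate: $SAFETY_BIN not found; failing closed" >&2
        return 2
    fi
    if [ ! -r "$req_file" ]; then
        echo "gate: cannot read $req_file; failing closed" >&2
        return 2
    fi
    if [ -z "${SAFETY_API_KEY:-}" ]; then
        echo "gate: SAFETY_API_KEY is not set; failing closed" >&2
        return 2
    fi

    # Keep the JSON report as a build artifact; capture the exit status
    # without letting `set -e` abort before it is recorded.
    status=0
    "$SAFETY_BIN" check -r "$req_file" --json --key "$SAFETY_API_KEY" \
        >"$report" || status=$?

    if [ "$status" -eq 0 ]; then
        echo "gate: scan exited 0; build may continue"
        return 0
    fi
    echo "gate: scan exited $status; see $report" >&2
    return 1
}
```
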

Integrate Safety into your systems

Because Safety is so flexible in its configurations, inputs and outputs, it can be used in a variety of cases, including:

Read Safety's documentation

To read detailed documentation about Safety and its command-line options, head to its README on GitHub.

