Safety CLI: Apply security updates to requirements files
Available in safety versions
Available for pip requirement file scans (poetry and pipenv support coming soon).
Requires a PyUp API KEY
Applying security updates automatically
Safety can apply suggested security updates to scanned pip requirement files by including the
safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates
will include an interactive prompt to guide you through updating package versions to more secure versions.
Set a threshold for applying fixes automatically
You can set the maximum version change that Safety will apply without user input using the
--auto-security-updates-limit (Short alias:
-asul) flag. This sets the maximum version update for applying fixes automatically without asking for user input. Possible values are:
major, minor, patch (default is value
As this is an upper limit, using
major is equivalent to automatically applying all the fixes without user input.
safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul minor
This will update the requirements.txt file (and any other requirements files it references) with all the security remediations that are
patch updates. If a remediation requires a
major version update, then Safety will ask for user input if they want to make this change.
safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul major
In this case as
major was passed, all the remediations will be automatically applied in the file and any of its recursive include files.
safety check --key <YOUR-API-KEY> -r dev.txt -r staging.txt --apply-security-updates -asul minor
Safety will update both of these files, automatically applying the remediations for
patch updates, and asking for confirmation for any
major version updates.
This option can also be set using the Safety policy file.
--no-prompt to skip any updates that require user input
If you want to ensure that Safety will not wait for user input, the
--no-prompt flag will apply all automatic fix updates that fall within the
--auto-security-updates-limit limit, and ignore those that require user input.
safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul minor --no-prompt
This will apply all
minor version security updates to
requirements.txt and ignore any
major version updates, with no user input prompt.
Updated 30 days ago