Safety 2: Output formats

Safety can output the result of a vulnerability scan to a variety of different output formats. The default output is screen output which prints the scan to the command line screen.

Use the --output argument to configure which output format Safety generates.

The --output command line argument can be set to the following values: screen, text, json, and bare.

No styling

Available in versions >2.2.0

Safety will read the SAFETY_COLOR environment variable to decide if the output style has to be disabled.

SAFETY_COLOR=False or SAFETY_COLOR=0 will disable all styling in every output format.

The value of the variable is case insensitive: False, FALSE, or any other mix of upper and lower case means the same to Safety.

Screen and text output

--output screen (default) will print the results to the screen.

--output text has the same format as screen without any command line formatting and can be redirected to a text file. For example: safety check --output text > results.txt

JSON output

Safety can generate a JSON output which is useful for parsing and analyzing the results of a scan.

safety check --output json --key <YOUR-API-KEY>

JSON structure

The resulting output is a JSON with the following sections:

report_meta contains meta information about the scan, such as timestamps, what was scanned, packages found and vulnerabilities found

scanned_packages is an array of packages (and versions) that were found during the scan

affected_packages is an array of packages that were found to have relevant vulnerabilities

vulnerabilities is an array of vulnerabilities that were found relating to the packages in the scan

ignored_vulnerabilities is an array of vulnerabilities that were found but were ignored via a command line argument or the safety policy file.

remediations is an array of remediation (fix) recommendations, one for each package with relevant vulnerabilities.

announcements is an array of announcements (messages) from the PyUp team. These are generally unrelated to the packages or vulnerabilities found; they are broader notices, such as the release of a new version of the Safety scanner.
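As an added example (not part of the Safety documentation or the Safety project itself), the following Python script consumes a report with the structure listed above and turns it into a CI pass/fail decision. The top-level keys are the ones this page names; the per-entry field names (package_name, vulnerability_id, severity, recommended_version) and the sample report are assumptions constructed for the example.

```python
import json

# Constructed sample report: the top-level keys follow the page's list; the
# per-entry field names are assumptions and may not match real Safety output.
SAMPLE_REPORT = json.dumps({
    "report_meta": {"scan_target": "requirements.txt", "packages_found": 2},
    "scanned_packages": [{"name": "example-lib", "version": "1.0.0"},
                         {"name": "other-lib", "version": "2.3.1"}],
    "affected_packages": [{"name": "example-lib", "version": "1.0.0"}],
    "vulnerabilities": [
        {"package_name": "example-lib", "vulnerability_id": "PLACEHOLDER-1", "severity": "high"},
        {"package_name": "example-lib", "vulnerability_id": "PLACEHOLDER-2", "severity": "low"},
    ],
    "ignored_vulnerabilities": [
        {"package_name": "other-lib", "vulnerability_id": "PLACEHOLDER-3", "severity": "medium"},
    ],
    "remediations": [{"package_name": "example-lib", "current_version": "1.0.0",
                      "recommended_version": "1.0.5"}],
    "announcements": [],
})

REQUIRED_SECTIONS = ("report_meta", "scanned_packages", "affected_packages", "vulnerabilities",
                     "ignored_vulnerabilities", "remediations", "announcements")

def load_report(raw):
    """Parse the JSON text and require every section the docs list."""
    report = json.loads(raw)
    missing = [s for s in REQUIRED_SECTIONS if s not in report]
    if missing:
        raise ValueError(f"report is missing sections: {missing}")
    return report

def summarize(report, fail_on=("critical", "high")):
    """Return (should_fail, summary) for a CI gate: only non-ignored findings
    can block the build, and ignored ids are listed so reviewers can audit them."""
    blocking = [v for v in report["vulnerabilities"] if v.get("severity", "").lower() in fail_on]
    summary = {
        "scanned": len(report["scanned_packages"]),
        "affected": len(report["affected_packages"]),
        "vulnerabilities": len(report["vulnerabilities"]),
        "ignored": [v["vulnerability_id"] for v in report["ignored_vulnerabilities"]],
        "blocking": [(v["package_name"], v["vulnerability_id"]) for v in blocking],
        "fixes": {r["package_name"]: r["recommended_version"] for r in report["remediations"]},
    }
    return bool(blocking), summary

if __name__ == "__main__":
    failed, info = summarize(load_report(SAMPLE_REPORT))
    print(json.dumps(info, indent=2))
```

In a pipeline, replace SAMPLE_REPORT with the file produced by safety check --output json and exit non-zero when should_fail is true.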

Bare output

Bare output will return the names of packages found with vulnerabilities. This very basic (bare) output is a simplified version of the JSON output. This output is historical and maintained as such, but we recommend using screen, text or JSON output in general.

safety check --output bare --key <YOUR-API-KEY>

What’s Next

Next up, set up your Safety security policy file, where you can set thresholds for vulnerability severity, ignore specific vulnerabilities, and more.
