Safety can output the result of a vulnerability scan in a variety of output formats. The default is
screen output, which prints the scan results to the command line screen.
Use the --output argument to configure which output format Safety generates.
The --output command line argument can be set to the following values:
Available in versions
Safety will read the SAFETY_COLOR environment variable to decide if the output style has to be disabled.
SAFETY_COLOR=0 will disable all the styling in all the outputs.
The value of the variable is case insensitive. For instance, False, FALSE, or any other combination will mean the same to Safety.
--output screen (default) will print the results to the screen.
--output text has the same format as screen without any command line formatting and can be saved to a text file. For example:
safety check --output text > results.txt
Safety can generate a JSON output which is useful for parsing and analyzing the results of a scan.
safety check --output json --key <YOUR-API-KEY>
The resulting output is a JSON with the following sections:
report_meta contains meta information about the scan, such as timestamps, what was scanned, packages found and vulnerabilities found
scanned_packages is an array of packages (and versions) that were found during the scan
affected_packages is an array of packages that were found to have relevant vulnerabilities
vulnerabilities is an array of vulnerabilities that were found relating to the packages in the scan
ignored_vulnerabilities is an array of vulnerabilities that were found but were ignored via a command line argument or the safety policy file.
remediations is an array of remediation (fix) recommendations for each package with relevant vulnerabilities.
announcements is an array of announcements (messages) from the PyUp team. These are not generally related to the packages or vulnerabilities found, but rather are more general announcements, such as announcing a new version of the Safety scanner.
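One way to consume the JSON sections listed above in a CI step, as an added example that is not part of the Safety documentation or code. It relies only on the top-level section names from this page; the per-entry keys package_name and vulnerability_id, the exit codes, and the sample report are assumptions constructed for illustration.

```python
import json

# Top-level sections of the JSON report, as listed on this page.
SECTIONS = ("report_meta", "scanned_packages", "affected_packages",
            "vulnerabilities", "ignored_vulnerabilities",
            "remediations", "announcements")


def summarize(report_text):
    """Return (counts, missing, findings) for a Safety JSON report."""
    report = json.loads(report_text)  # ValueError if the text is not JSON
    if not isinstance(report, dict):
        raise ValueError("report is not a JSON object")
    missing = [s for s in SECTIONS if s not in report]
    # len() works whether a section is serialized as an array or an object.
    counts = {s: len(report[s]) for s in SECTIONS[1:]
              if isinstance(report.get(s), (list, dict))}
    findings = []
    vulns = report.get("vulnerabilities")
    for v in vulns if isinstance(vulns, list) else []:
        if isinstance(v, dict):
            # Assumed per-entry keys; "?" is used when they are absent.
            findings.append((v.get("package_name", "?"),
                             v.get("vulnerability_id", "?")))
    return counts, missing, findings


def gate(report_text):
    """CI exit code: 0 = clean, 1 = open findings, 2 = unusable report."""
    try:
        counts, _, _ = summarize(report_text)
    except ValueError:
        return 2
    if "vulnerabilities" not in counts:
        return 2  # fail closed: a truncated or malformed report must not pass
    return 1 if counts["vulnerabilities"] else 0


# Constructed sample report (not real scan output).
SAMPLE = json.dumps({
    "report_meta": {"packages_found": 2},
    "scanned_packages": [{"name": "pkg-a"}, {"name": "pkg-b"}],
    "affected_packages": [{"name": "pkg-a"}],
    "vulnerabilities": [{"package_name": "pkg-a",
                         "vulnerability_id": "EXAMPLE-0001"}],
    "ignored_vulnerabilities": [{"package_name": "pkg-b",
                                 "vulnerability_id": "EXAMPLE-0002"}],
    "remediations": [{"package_name": "pkg-a"}],
    "announcements": [],
})
```

Entries in ignored_vulnerabilities are counted but do not change the exit code, so findings ignored on the command line or in the policy file stay visible in the summary without blocking the build.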
Bare output will return the names of packages found with vulnerabilities. This very basic (bare) output is a simplified version of the JSON output. This output is historical and maintained as such, but we recommend using screen, text or JSON output in general.
safety check --output bare --key <YOUR-API-KEY>
Next up, set up your Safety security policy file, where you can set thresholds for vulnerability severity, ignore specific vulnerabilities, and more