Getting started with PyUp

This guide walks you through securing your Python environments with PyUp by implementing dependency security scans in your systems, so that you:

  • Know what you're using
  • Can implement security policies and processes in your teams
  • Ensure you are not exposed to any known dependency vulnerabilities

PyUp scans and protects your Python environments against dependency vulnerabilities and license compliance risk, including:

  • Your development environments and machines
  • Your testing and staging pipelines
  • Your git source control management systems, including GitHub, GitLab, and Bitbucket
  • Your production systems

First get an account

If you don't have one already, you'll first need a PyUp account, which gives you access to an API key and our scanning and security tools.

Step 1: Secure your central git repository, or build pipelines

The best place to start scanning and securing your dependencies is a central build process, or your central git source control management system such as GitHub, GitLab, or Bitbucket.

Implement security scans in your git source control management system.

Step 2: Secure your development machines

One of our core security principles is shift-left security, which means trying to scan your code for security vulnerabilities as early in the development lifecycle as possible.

Once you have your central build or repository scans set up, we recommend also scanning your development environments. The easiest way to do this is to run a Safety CLI scan from a git post-commit hook.

Implement security scans on your development machines.
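As an added example (not part of this page or of PyUp's own tooling), the following POSIX shell script installs a post-commit hook that runs `safety scan` after every commit. It assumes Safety CLI is installed and authenticated on the machine; note that a post-commit hook runs after the commit has been recorded, so it reports findings but cannot block the commit.

```shell
#!/bin/sh
# Added example: install a git post-commit hook that runs Safety CLI.
# Assumes Safety CLI is installed (pip install safety) and already
# authenticated on this machine; both are assumptions, not page content.

# Write the hook into the given hooks directory (defaults to the current
# repository's .git/hooks). Prints the path of the installed hook.
install_safety_post_commit_hook() {
  hooks_dir="${1:-$(git rev-parse --git-dir)/hooks}"
  mkdir -p "$hooks_dir"
  hook="$hooks_dir/post-commit"
  cat > "$hook" <<'EOF'
#!/bin/sh
# Scan the project's Python dependencies after each commit.
# A post-commit hook cannot reject the commit; it only reports findings.
if ! command -v safety >/dev/null 2>&1; then
  echo "post-commit: safety CLI not found; skipping dependency scan" >&2
  exit 0
fi
# Run from the repository root so the project's requirement files are found.
cd "$(git rev-parse --show-toplevel)" || exit 0
safety scan || echo "post-commit: safety reported findings, see output above" >&2
exit 0
EOF
  chmod +x "$hook"
  printf '%s\n' "$hook"
}

# Returns 0 when an executable hook that invokes safety scan exists at $1.
hook_is_installed() {
  [ -x "$1" ] && grep -q 'safety scan' "$1"
}
```

Run `install_safety_post_commit_hook` from inside a clone to install the hook, or pass a hooks directory explicitly.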

Step 3: For GitHub users, integrate our PyUp Bot and Safety CI tool

PyUp has a direct GitHub integration that can automatically open pull requests with fixes for security vulnerabilities in your dependencies. To set this up and learn more, see our GitHub Bot and Safety CI integration details.
