Safety is a command line tool. Use it to check your local virtual environment, your requirement files, or any input from stdin for dependencies with security issues.
If you are using something insecure, you’ll get a report on what exactly is affected.
See what is vulnerable
Safety CI integrates with your GitHub account, just like tests do. You’ll get a status on every pull request and on each and every commit – across all your branches.
See what exactly is wrong
If you are using a dependency with a known security vulnerability, checks on GitHub will fail and you’ll get a link to a page with details about the vulnerability. This allows you to check if you are affected and gives you all the details straight from the source.
Changelog v1.8.5 (2019-02-04)
- Wrap words in full report (Thanks @mgedmin)
- Added Dockerfile and readme instructions (Thanks @ayeks)
- Remove API dependency on pip (Thanks @benjaminp)
pip install safety
To check your currently selected virtual environment for dependencies with known security vulnerabilities, run:
You should get a report similar to this:
Copyright (c) 2016, pyup.io