safety v1.8.5 releases: checks your installed dependencies for known security vulnerabilities

Safety is a command line tool. Use it to check your local virtual environment, your requirement files, or any input from stdin for dependencies with security issues.

If you are using something insecure, you’ll get a report on what exactly is affected.

See what is vulnerable

Safety CI integrates with your GitHub account, just like tests do. You’ll get a status on every pull request and on each and every commit – across all your branches.

See what exactly is wrong

If you are using a dependency with a known security vulnerability, checks on GitHub will fail and you’ll get a link to a page with details about the vulnerability. This allows you to check if you are affected and gives you all the details straight from the source.

Changelog v1.8.5 (2019-02-04)

  • Wrap words in full report (Thanks @mgedmin)
  • Added Dockerfile and readme instructions (Thanks @ayeks)
  • Remove API dependency on pip (Thanks @benjaminp)

Installation

pip install safety

Use

By default, it uses the open Python vulnerability database Safety DB, but it can be upgraded to use pyup.io's Safety API using the --key option.

To check your currently selected virtual environment for dependencies with known security vulnerabilities, run:

safety check

You should get a report similar to this:

[Figure: example Safety report]
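To show what a check like the one above actually does, here is an added example (not Safety's own code) that matches pinned requirements against a constructed record in the layout of the open Safety DB: a package name keyed to a list of advisories, each carrying a list of affected version ranges in `specs`. The package name, versions and advisory identifiers are placeholders, and the version comparison is a deliberate simplification of what a real checker would do.

```python
import json
import re

# Constructed sample in the layout of the open Safety DB (insecure_full.json):
# package name -> list of advisories, each with affected version "specs".
# Package, versions and identifiers are placeholders, not real advisories.
SAMPLE_DB = json.loads("""
{
  "examplepkg": [
    {
      "id": "pyup.io-PLACEHOLDER",
      "cve": "CVE-XXXX-XXXXX",
      "specs": ["<1.4.2", ">=2.0,<2.0.3"],
      "advisory": "Placeholder advisory text for the example."
    }
  ]
}
""")

def _vtuple(version):
    """Turn '1.4.2' into (1, 4, 2); simplified, numeric-only versions assumed."""
    return tuple(int(p) for p in version.split("."))

def _matches(version, spec):
    """True if version satisfies a single comparison such as '<1.4.2'."""
    op, target = re.match(r"(<=|>=|==|<|>)(.+)", spec.strip()).groups()
    v, t = _vtuple(version), _vtuple(target)
    return {"<": v < t, "<=": v <= t, "==": v == t, ">": v > t, ">=": v >= t}[op]

def is_affected(version, spec_group):
    """A comma-separated group like '>=2.0,<2.0.3' is an AND of its clauses."""
    return all(_matches(version, s) for s in spec_group.split(","))

def check(requirements, db=SAMPLE_DB):
    """requirements: 'name==version' lines as pip freeze prints them.
    Returns (name, version, advisory id) for every advisory that applies."""
    findings = []
    for line in requirements:
        line = line.split("#")[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, version = line.split("==")
        for adv in db.get(name.lower(), []):
            if any(is_affected(version, g) for g in adv["specs"]):
                findings.append((name, version, adv["id"]))
    return findings

if __name__ == "__main__":
    for hit in check(["examplepkg==2.0.1", "examplepkg==2.0.3", "otherpkg==0.1"]):
        print("insecure:", hit)
```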

Copyright (c) 2016, pyup.io
Source: https://github.com/pyupio/
