forked from pyupio/safety

Safety checks your installed dependencies for known security vulnerabilities


pombredanne/safety


Note: Safety is currently in its early stages. It's likely that there are some false positives and missing packages.


Installation

Install safety with pip

pip install safety

Usage

To check your currently selected virtual environment for dependencies with known security vulnerabilities, run:

safety check

You should get a report similar to this:

╒══════════════════════════════════════════════════════════════════════════════╕
│                                                                              │
│                               /$$$$$$            /$$                         │
│                              /$$__  $$          | $$                         │
│           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           │
│          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           │
│         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           │
│          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           │
│          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           │
│         |_______/  \_______/|__/     \_______/   \___/   \____  $$           │
│                                                          /$$  | $$           │
│                                                         |  $$$$$$/           │
│  by pyup.io                                              \______/            │
│                                                                              │
╞══════════════════════════════════════════════════════════════════════════════╡
│ REPORT                                                                       │
╞══════════════════════════════════════════════════════════════════════════════╡
│ No known security vulnerabilities found.                                     │
╘══════════════════════════════════════════════════════════════════════════════╛

Now, let's install something insecure:

pip install insecure-package

Yeah, you can really install that.

Run safety check again:

╒══════════════════════════════════════════════════════════════════════════════╕
│                                                                              │
│                               /$$$$$$            /$$                         │
│                              /$$__  $$          | $$                         │
│           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           │
│          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           │
│         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           │
│          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           │
│          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           │
│         |_______/  \_______/|__/     \_______/   \___/   \____  $$           │
│                                                          /$$  | $$           │
│                                                         |  $$$$$$/           │
│  by pyup.io                                              \______/            │
│                                                                              │
╞══════════════════════════════════════════════════════════════════════════════╡
│ REPORT                                                                       │
╞══════════════════════════╤═══════════════╤═══════════════════╤═══════════════╡
│ package                  │ installed     │ affected          │ source        │
╞══════════════════════════╧═══════════════╧═══════════════════╧═══════════════╡
│ insecure-package         │ 0.1.0         │ <0.2.0            │ changelog     │
╘══════════════════════════╧═══════════════╧═══════════════════╧═══════════════╛

From files

Just like pip, Safety is able to read local requirement files:

safety check -r requirements.txt

From stdin

Safety is also able to read from stdin with the --stdin flag set.

To check a local requirements file, run:

cat requirements.txt | safety check --stdin

or the output of pip freeze:

pip freeze | safety check --stdin

or to check a single package:

echo "insecure-package==0.1" | safety check --stdin
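To make clear what a check such as `pip freeze | safety check --stdin` actually does with its input, here is an added example that is not code from the safety project: it parses `name==version` lines in the format `pip freeze` emits, normalises package names, and matches the installed version against an "affected" specifier such as the `<0.2.0` shown in the report above. The advisory dictionary, the sample freeze output, the `example-lib` and `safe-package` names, and the simplified numeric version comparison (in place of full PEP 440 handling) are all constructed assumptions for this illustration.

```python
"""Minimal illustration of a pip-freeze style vulnerability check.

Constructed example, not part of the safety project. It parses
``name==version`` lines (the format ``pip freeze`` emits and
``safety check --stdin`` consumes) and matches them against a small,
constructed advisory database whose ``affected`` column uses pip-style
specifiers such as ``<0.2.0`` or ``>=1.0,<1.4.2``.
"""
import re

# Constructed advisory database: hypothetical entries, not real advisories.
ADVISORIES = {
    "insecure-package": [{"affected": "<0.2.0", "source": "changelog"}],
    "example-lib": [{"affected": ">=1.0,<1.4.2", "source": "changelog"}],
}

_SPEC_RE = re.compile(r"^(<=|>=|==|!=|<|>)\s*([0-9][0-9A-Za-z.]*)$")


def normalize_name(name):
    """PEP 503 style normalisation: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(text):
    """Turn '1.4.2' into (1, 4, 2); trailing zeros are dropped so 1.0 == 1.0.0.

    Non-numeric suffixes are ignored, an assumption that keeps the example
    small; a real checker needs full PEP 440 semantics (pre-releases etc.).
    """
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def version_matches(installed, spec):
    """True if ``installed`` satisfies every comma-separated clause in ``spec``."""
    v = parse_version(installed)
    for clause in spec.split(","):
        m = _SPEC_RE.match(clause.strip())
        if not m:
            raise ValueError("unsupported specifier: %r" % clause)
        op, bound = m.group(1), parse_version(m.group(2))
        ok = {
            "<": v < bound, "<=": v <= bound,
            ">": v > bound, ">=": v >= bound,
            "==": v == bound, "!=": v != bound,
        }[op]
        if not ok:
            return False
    return True


def parse_freeze(text):
    """Yield (normalised name, version) for each pinned line of pip-freeze output.

    Comments, blank lines and lines without an '==' pin are skipped.
    """
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or "==" not in line:
            continue
        name, version = line.split("==", 1)
        yield normalize_name(name.strip()), version.strip()


def check(freeze_text, advisories=ADVISORIES):
    """Return report rows (package, installed, affected, source) for every
    pinned package whose installed version falls inside an affected range."""
    rows = []
    for name, version in parse_freeze(freeze_text):
        for adv in advisories.get(name, []):
            if version_matches(version, adv["affected"]):
                rows.append((name, version, adv["affected"], adv["source"]))
    return rows


# Constructed sample of ``pip freeze`` output (package names are made up).
SAMPLE_FREEZE = """\
# generated by pip freeze
insecure-package==0.1.0
Example_Lib==1.3.0
safe-package==3.1.0
"""

if __name__ == "__main__":
    for row in check(SAMPLE_FREEZE):
        print("%-20s %-10s %-15s %s" % row)
```

Two details matter in practice: names are normalised before lookup (`Example_Lib` and `example-lib` are the same package), and the upper bound of an affected range is exclusive, so an installed `0.2.0` does not match `<0.2.0`. Both are common sources of false negatives in home-grown checkers.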

Travis

install:
  - pip install safety

script:
  - safety check

How it Works

Support

If you are using safety in one of your projects, please consider getting a paid pyup.io account. This is what makes projects like this possible.
