Development Status
- 5 - Production/Stable
Intended Audience
- Developers
- Information Technology
- System Administrators
- Telecommunications Industry
License
- OSI Approved :: MIT License
Natural Language
- English
Operating System
- MacOS
- Microsoft :: Windows
- POSIX :: Linux
Programming Language
- Python :: 3
- Python :: 3.9
- Python :: 3.10
- Python :: 3.11
- Python :: 3.12
- Python :: 3.13
- Python :: 3.14
Topic
- Security
[!NOTE] Come and join us at SafetyCLI. We are hiring for various roles.
Table of Contents
- Table of Contents
- Introduction
- Key Features
- Getting Started
- Service-Level Agreement (SLA)
- Detailed Documentation
- License
- Supported Python Versions
- Resources
Introduction
Safety CLI is a Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities and malicious packages in local development environments, CI/CD, and production systems. Safety CLI can be deployed in minutes and provides clear, actionable recommendations for remediation of detected vulnerabilities.
Leveraging the industry's most comprehensive database of vulnerabilities and malicious packages, Safety CLI Scanner allows teams to detect vulnerabilities at every stage of the software development lifecycle.
Key Features
- Versatile, comprehensive dependency security scanning for Python packages.
- Leverages Safety DB, the most comprehensive vulnerability data available for Python.
- Clear output with detailed recommendations for vulnerability remediation.
- Automatically updates requirements files to secure versions of dependencies where available, guided by your project's policy settings.
- Scanning of individual requirements files and project directories or system-wide scans on developer machines, CI/CD pipelines, and Production systems to detect vulnerable or malicious dependencies.
- JSON, SBOM, HTML and text output.
- Easy integration with CI/CD pipelines, including GitHub Actions.
- Enterprise Ready: Safety CLI can be deployed to large teams with complex project setups with ease, on-premise or as a SaaS product.
Getting Started
GitHub Action
- Test Safety CLI in CI/CD using our GitHub Action.
- Full documentation on the GitHub Action is available on our Documentation Hub.
Command Line Interface
1. Installation
- Install Safety on your development machine.
- Run
pip install safety.
2. Log In or Register
- Run your first scan using
safety scan. - If not authenticated, Safety will prompt for account creation or login.
- Use
safety authto check authentication status.
3. Running Your First Scan
- Navigate to a project directory and run
safety scan. - Safety will perform a scan and present results in the Terminal.
Basic Commands
safety --help: Access help and display all available commands.safety auth: Start authentication flow or display status.safety scan: Perform a vulnerability scan in the current directory.safety system-scan: Perform a scan across the entire development machine.safety scan --apply-fixes: Update vulnerable dependencies.
Service-Level Agreement (SLA)
We are committed to maintaining a high level of responsiveness and transparency in managing issues reported in our codebases. This SLA outlines our policies and procedures for handling issues to ensure timely resolutions and effective communication with our community.
Detailed Documentation
Full documentation is available at https://docs.safetycli.com.
Included in the documentation are the following key topics:
Safety CLI 3
- Introduction to Safety CLI 3
- Quick Start Guide
- Installation and Authentication
- Scanning for Vulnerable and Malicious Packages
- System-Wide Developer Machine Scanning
- Viewing Scan Results
- Available Commands and Inputs
- Scanning in CI/CD
- License Scanning
- Exit Codes
Vulnerability Remediation
Integration
- Securing Git Repositories
- GitHub
- GitHub Actions
- GitLab
- Git Post-Commit Hooks
- BitBucket
- Pipenv
- Docker Containers
Administration
Output
Miscellaneous
System status is available at https://status.safetycli.com
Further support is available by emailing support@safetycli.com.
License
Safety is released under the MIT License.
Upon creating an account, a 7-day free trial of our Team plan is offered to new users, after which they will be downgraded to our Free plan. This plan is limited to a single user and is not recommended for commercial purposes.
Our paid plans for commercial use begin at just $25 per seat per month and allow scans to be performed using our full vulnerability database, complete with 3x more tracked vulnerabilities and malicious packages than our free plan and other providers. To learn more about our Team and Enterprise plans, please visit https://safetycli.com/resources/plans or email sales@safetycli.com.
Supported Python Versions
Safety CLI 3 supports Python versions >=3.9. Further details on supported versions, as well as options to run Safety CLI on versions <3.9 using a Docker image are available in our Documentation Hub.
We maintain a policy of supporting all maintained and secure versions of Python, plus one minor version below the oldest maintained and secure version. Details on Python versions that meet these criteria can be found here: https://endoflife.date/python.
Resources
Wheel compatibility matrix
Files in release
authlib
(>=1.2.0)
click
(>=8.0.2)
dparse
(>=0.6.4)
filelock
(<4.0,>=3.16.1)
httpx
jinja2
(>=3.1.0)
marshmallow
(>=3.15.0)
nltk
(>=3.9)
packaging
(>=21.0)
pydantic
(>=2.6.0)
requests
ruamel-yaml
(>=0.17.21)
safety-schemas
(==0.0.16)
tenacity
(>=8.1.0)
tomli
tomlkit
typer
(>=0.16.0)
typing-extensions
(>=4.7.1)