A curated database of insecure Python packages
[![safety](https://raw.githubusercontent.com/pyupio/safety-db/master/safety-db.png)](https://pyup.io/safety/)
## What is Safety DB?
Safety DB is a database of known security vulnerabilities in Python packages. The data is made available by [pyup.io](https://pyup.io/) and synced with this repository once per month. Most of the entries are found by filtering CVEs and changelogs for certain keywords and then manually reviewing them.
## Tools
- [Safety CI](https://pyup.io/safety/ci/) is a deep GitHub integration that's available on pyup.io. It checks your commits and Pull Requests.
- [Safety](https://pyup.io/safety/) is a command line tool that checks virtual environments and requirements files, either locally or on a CI server.
- [Safety Django](https://pyup.io/safety/django/) is a package for Django that warns you in the admin area if your installed Django release is insecure.
- [Safety Bar](https://github.com/pyupio/safety-bar) (alpha) is a macOS menubar application.
- A [pre-commit hook](https://github.com/Lucas-C/pre-commit-hooks-safety) by Lucas Cimon.
- *your tool?*
## Installation
```sh
pip install safety-db
```
## Usage
```python
from safety_db import INSECURE, INSECURE_FULL
```
## What is this not?
This is not a hall of shame, or a list of packages to avoid. The package maintainers show a great responsibility by documenting and fixing security issues in such a way that they can be listed here. That's extremely valuable when considering using a package in production.
## Using this data
For humans:
- There's a small website available that lets you browse the data: https://pyupio.github.io/safety-db/
For robots:
Check out the `data` directory:
- [insecure.json](https://github.com/pyupio/safety-db/blob/master/data/insecure.json) contains just the package name and all insecure releases as a plain list.
- [insecure_full.json](https://github.com/pyupio/safety-db/blob/master/data/insecure_full.json) additionally contains the CVE description and URLs, or the relevant part of the changelog.
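As an added example (not code from safety-db or pyup.io), the script below checks the pins in a requirements file against data in the shape this README describes for `insecure.json`: a mapping from package name to a list of version-specifier strings naming the insecure releases. The `SAMPLE_INSECURE` dict and the requirements text are constructed sample data; to run it against the real database, replace `SAMPLE_INSECURE` with `INSECURE` imported from `safety_db`. The small specifier matcher handles only dotted numeric versions and the six comparison operators; for production use, `packaging.specifiers.SpecifierSet` is the right tool.

```python
"""Check pinned requirements against Safety DB-style data (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the assumed shape of INSECURE:
# package name -> list of specifier strings naming insecure releases.
SAMPLE_INSECURE: Dict[str, List[str]] = {
    "examplepkg": ["<1.2.3", ">=2.0,<2.0.4"],
    "otherlib": ["==0.9.0"],
}

# Constructed requirements.txt content.
SAMPLE_REQUIREMENTS = """\
# constructed pins for the example
examplepkg==2.0.1
otherlib==0.9.0
third-party==3.1.0     # not in the sample database
examplepkg-extra==1.0  # different name, must not match examplepkg
"""

_OPS = {
    "==": lambda c: c == 0,
    "!=": lambda c: c != 0,
    "<=": lambda c: c <= 0,
    ">=": lambda c: c >= 0,
    "<": lambda c: c < 0,
    ">": lambda c: c > 0,
}
_SPEC_RE = re.compile(r"^\s*(==|!=|<=|>=|<|>)\s*([0-9][0-9.]*)\s*$")
_PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9.]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'Example_Pkg' and 'example-pkg' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(s: str) -> Tuple[int, ...]:
    """Dotted numeric versions only; pre-release tags are out of scope here."""
    return tuple(int(part) for part in s.strip().split("."))


def compare(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Three-way compare, padding with zeros so 2.0 == 2.0.0."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def version_matches(version: str, spec: str) -> bool:
    """True if `version` satisfies every clause of a comma-separated specifier."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = _SPEC_RE.match(clause)
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](compare(v, parse_version(bound))):
            return False
    return True


def parse_requirements(text: str) -> List[Tuple[str, str]]:
    """Return (normalized name, version) for each 'pkg==x.y' line; skip the rest."""
    pins = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = _PIN_RE.match(line) if line else None
        if m:
            pins.append((normalize(m.group(1)), m.group(2)))
    return pins


def find_insecure(requirements: str, db: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Return (package, version, matched spec) for every pin the database lists as insecure."""
    index = {normalize(name): specs for name, specs in db.items()}
    findings = []
    for name, version in parse_requirements(requirements):
        for spec in index.get(name, []):
            if version_matches(version, spec):
                findings.append((name, version, spec))
                break  # one hit per pin is enough to flag it
    return findings


if __name__ == "__main__":
    for pkg, ver, spec in find_insecure(SAMPLE_REQUIREMENTS, SAMPLE_INSECURE):
        print(f"{pkg}=={ver} is listed as insecure (matches {spec})")
```

Unpinned lines are deliberately skipped rather than guessed at: a range such as `examplepkg>=1.0` may or may not resolve to an insecure release, so the honest answer is to resolve the environment first (for example from a lock file or `pip freeze`) and check the concrete versions.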
The database is licensed under [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). This allows you to use the data in any non-commercial project as long as you link back to this repo. If you need a license for a commercial project, please contact support@pyup.io.
Source distribution: safety-db-2017.4.19.tar.gz (93.0 kB)

Built distribution: safety_db-2017.4.19-py2.py3-none-any.whl

Hashes for safety_db-2017.4.19-py2.py3-none-any.whl

| Algorithm | Hash digest |
|---|---|
| SHA256 | 8052634809ed3a02eb95b7f6c0fc7c485424a50a2c35f03d727b0b0fe530132e |
| MD5 | de25dd070d70c17aaaae9b551ed8af23 |
| BLAKE2b-256 | 99f42ceadae6059942cbae3d66a789f70dbf871cc9230eacc79ab00d4902bb88 |