Safety checks your installed dependencies for known security vulnerabilities.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jwomers from gravatar.com jwomers Avatar for pypi_pyupio from gravatar.com pypi_pyupio Avatar for yeisonvargasjf from gravatar.com yeisonvargasjf

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT license)
  • Author: pyup.io
  • Tags safety
Classifiers
Report project as malware

Project description

[![safety](https://raw.githubusercontent.com/pyupio/safety/master/safety.png)](https://pyup.io/safety/)

[![PyPi](https://img.shields.io/pypi/v/safety.svg)](https://pypi.python.org/pypi/safety)
[![Travis](https://img.shields.io/travis/pyupio/safety.svg)](https://travis-ci.org/pyupio/safety)
[![Updates](https://pyup.io/repos/github/pyupio/safety/shield.svg)](https://pyup.io/repos/github/pyupio/safety/)

Safety checks your installed dependencies for known security vulnerabilities

# Installation

Install `safety` with pip

```bash
pip install safety
```

# Usage

To check your currently selected virtual environment for dependencies with known security
vulnerabilites, run:

```bash
safety check
```

You should get a report similar to this:
```bash
╒══════════════════════════════════════════════════════════════════════════════╕
│ │
│ /$$$$$$ /$$ │
│ /$$__ $$ | $$ │
│ /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ │
│ /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ │
│ | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ │
│ \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ │
│ /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ │
│ |_______/ \_______/|__/ \_______/ \___/ \____ $$ │
│ /$$ | $$ │
│ | $$$$$$/ │
│ by pyup.io \______/ │
│ │
╞══════════════════════════════════════════════════════════════════════════════╡
│ REPORT │
╞══════════════════════════════════════════════════════════════════════════════╡
│ No known security vulnerabilities found. │
╘══════════════════════════════════════════════════════════════════════════════╛
```

Now, let's install something insecure:

```bash
pip install insecure-package
```
*Yeah, you can really install that.*

Run `safety check` again:
```bash
╒══════════════════════════════════════════════════════════════════════════════╕
│ │
│ /$$$$$$ /$$ │
│ /$$__ $$ | $$ │
│ /$$$$$$$ /$$$$$$ | $$ \__//$$$$$$ /$$$$$$ /$$ /$$ │
│ /$$_____/ |____ $$| $$$$ /$$__ $$|_ $$_/ | $$ | $$ │
│ | $$$$$$ /$$$$$$$| $$_/ | $$$$$$$$ | $$ | $$ | $$ │
│ \____ $$ /$$__ $$| $$ | $$_____/ | $$ /$$| $$ | $$ │
│ /$$$$$$$/| $$$$$$$| $$ | $$$$$$$ | $$$$/| $$$$$$$ │
│ |_______/ \_______/|__/ \_______/ \___/ \____ $$ │
│ /$$ | $$ │
│ | $$$$$$/ │
│ by pyup.io \______/ │
│ │
╞══════════════════════════════════════════════════════════════════════════════╡
│ REPORT │
╞══════════════════════════╤═══════════════╤═══════════════════╤═══════════════╡
│ package │ installed │ affected │ source │
╞══════════════════════════╧═══════════════╧═══════════════════╧═══════════════╡
│ insecure-package │ 0.1.0 │ <0.2.0 │ changelog │
╘══════════════════════════╧═══════════════╧═══════════════════╧═══════════════╛
```

## From files
Just like pip, Safety is able to read local requirement files:

```bash
safety check -r requirements.txt
```

## From stdin
Safety is also able to read from stdin with the `--stdin` flag set.

To check a local requirements file, run:
```
cat requirements.txt | safety check --stdin
```

or the output of `pip freeze`:
```
pip freeze | safety check --stdin
```

or to check a single package:
```
echo "insecure-package==0.1" | safety check --stdin
```

## Travis

```
install:
- pip install safety

script:
- safety check
```

# How it Works


# Support

If you are using `safety` in one of your projects, please consider getting a paid
[pyup.io](https://pyup.io) account. This is what makes projects like this possible.


=======
History
=======

1.0.0 (2017-03-22)
------------------

* Added terminal size detection. Terminals with fewer than 80 columns should now display nicer reports.
* Added an option to load the database from the filesystem or a mirror that's reachable via http(s).
This can be done by using the --db flag.
* Added an API Key option that uses pyup.io's vulnerability database.
* Added an option to cache the database locally for 2 hours. The default still is to not use the cache. Use the --cache flag.


0.6.0 (2017-03-10)
------------------

* Made the requirements parser more robust. The parser should no longer fail on editable requirements
and requirements that are supplied by package URL.
* Running safety requires setuptools >= 16

0.5.1 (2016-11-08)
------------------

* Fixed a bug where not all requirement files were read correctly.

0.5.0 (2016-11-08)
------------------

* Added option to read requirements from files.

0.4.0 (2016-11-07)
------------------

* Filter out non-requirements when reading from stdin.

0.3.0 (2016-10-28)
------------------

* Added option to read from stdin.

0.2.2 (2016-10-21)
------------------

* Fix import errors on python 2.6 and 2.7.

0.2.1 (2016-10-21)
------------------

* Fix packaging bug.

0.2.0 (2016-10-20)
------------------

* Releasing first prototype.

0.1.0 (2016-10-19)
------------------

* First release on PyPI.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for jwomers from gravatar.com jwomers Avatar for pypi_pyupio from gravatar.com pypi_pyupio Avatar for yeisonvargasjf from gravatar.com yeisonvargasjf

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT license)
  • Author: pyup.io
  • Tags safety
Classifiers

Release history Release notifications | RSS feed

3.4.0b7 pre-release

3.4.0b6 pre-release

3.4.0b5 pre-release

3.4.0b4 pre-release

3.4.0b3 pre-release

3.4.0b2 pre-release

3.4.0b1 pre-release

3.4.0b0 pre-release

3.3.1

3.3.1b0 pre-release

3.3.0

3.3.0b0 pre-release

3.2.14

3.2.13

3.2.12

3.2.11

3.2.10

3.2.9

3.2.8

3.2.7

3.2.6

3.2.5

3.2.4

3.2.3

3.2.2

3.2.1

3.2.0

3.1.0

3.0.1

3.0.0

3.0.0a2 pre-release

3.0.0a1 pre-release

2.4.0b2 pre-release

2.4.0b1 pre-release

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0 yanked

2.2.1

2.2.0

2.1.1

2.1.0

2.0.0

2.0b5 pre-release

2.0b4 pre-release

2.0b3 pre-release

2.0b2 pre-release

2.0b1 pre-release

1.10.3

1.10.2.post1

1.10.2

1.10.1

1.10.0

1.9.0

1.8.7

1.8.6

1.8.5

1.8.4

1.8.3

1.8.3b0 pre-release

1.8.2

1.8.1

1.8.0

1.7.0

1.6.1

1.6.0

1.5.1

1.5.0

1.4.1

1.4.0

1.3.0

1.2.0

1.1.1

1.1.0

1.0.2

1.0.1

This version

1.0.0

0.6.0

0.5.1

0.5.0

0.4.0

0.3.0

0.2.2

0.2.1

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

safety-1.0.0.tar.gz (1.1 MB view details)

Uploaded Source

Built Distribution

safety-1.0.0-py2.py3-none-any.whl (12.0 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file safety-1.0.0.tar.gz.

File metadata

  • Download URL: safety-1.0.0.tar.gz
  • Upload date:
  • Size: 1.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for safety-1.0.0.tar.gz
Algorithm Hash digest
SHA256 5ebeb670d812dd39afe1506dd0236214a949555e19c53fbc95f27a773d6fe9a9
MD5 7b4a3f75e079d4d2ed772fed7fb80cd2
BLAKE2b-256 cb4c77552b3645bf54742b470c7089c4d0e4d32202cf860489a205e35f6929a2

See more details on using hashes here.

File details

Details for the file safety-1.0.0-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for safety-1.0.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 38f74e6a0bc9fb2aa9266920bb50127534671cc2f2e7d99c2bc9d9388d6596d3
MD5 fc8d574d7a2ff5d622a45f5a44dd8b5b
BLAKE2b-256 c6995c3d32753166fdadf37cf48b0af255a1834f2531d3481fe18861c877016d

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page