Python dependency security
Keep your Python dependencies secure and compliant using our industry-leading Python security tools.
We monitor, scan and secure your Python dependencies so that you can use open source with confidence.
Trusted by thousands of teams around the world
Use open source.
We'll keep you secure.
-
Dependencies are a security risk
- Our Cybersecurity Intelligence Team tracks and analyzes 419,855 Python dependencies for vulnerabilities, so that you don't have to.
Never deploy known vulnerabilities again, and be confident that new vulnerabilities will be fixed. -
Build with confidence
- Scan your developer environments, pipelines and production systems for dependency security vulnerabilities.
Get automated pull request fixes in GitHub, use our Safety CI to catch vulnerabilities before code reaches production, and integrate our Safety command line tools to protect your developer machines and your CI/CD workflows.
Deep scans of all your Python Environments
Scan all your environments, including transitives and recursive dependency installations on:
• Developer machines
• CI/CD pipelines
• git source control management - GitHub, GitLab, and Bitbucket
• Production systems
Know exactly what dependencies you're using, everywhere.
Integrates into your git source control repos
Safety CI scans of every new branch or pull request that your team makes.
Get automated pull requests with instant fixes to security vulnerabilities and upgrades to your Python dependencies.
PyUp's tools integrate into GitHub, Gitlab and Bitbucket.
Clear, actionable fix recommendations
Get clear and actionable fix recommendations (or even an automated fix pull request), all powered by PyUp's leading Dependency Vulnerability Database.
Whether using our integrated GitHub tools or our Safety Command line tool to scan and secure your Python environments, we give you clear, actionable fix and upgrade recommendations for dependencies that have security vulnerabilities.
Industry-leading security data
Staying secure is easy with the best Python vulnerability data out there.
Industry-leading Vulnerability Database
Be secured by our industry-leading Python Vulnerability Database, which goes beyond public CVE data.
Detailed vulnerability data
Triaging and fixing vulnerabilities is easy with our manually vetted CVSS severity information, package version recommendations and more.
Clear and actionable fix recommendations
Rely on clear and actionable recommendations for secure package versions based on your system and context.
Access our Cybersecurity Intelligence Team
Our Cybersecurity Intelligence Team spends all their time analyzing vulnerability data and thinking of new ways to discover undisclosed or unknown vulnerabilities. We live and breathe dependency security so that you can build on open source with confidence.
All the tools you need to stay secure
Use our specialized Python scanning and monitoring tools.
Flexible command-line tool
Our powerful Safety command-line tool can be dropped into any environment, developer machines, CI/CD pipelines or production systems, and supports multiple configuration and output options including exit codes, JSON out and screen output.
Integrated git source control tools
Integrate our scanning tools into your git source control management tool, including GitHub, GitLab or BitBucket actions and pipelines.
OS License compliance scanning
Be confident that they are using packages within the correct license type and enforce 3rd-party license policies to reduce licensing-related risks.
Team management tools
Invite team members to the PyUp dashboard and set team-wide security policies using our security policy files.
Commercial Python Vulnerability Database
Beyond CVEs - The best Python Vulnerability Database out there
Not all vulnerability databases are created equal. Our Cybersecurity Intelligence Team manually analyzes thousands of potential Python vulnerabilities each month, resulting in a Vulnerability database that goes beyond public CVEs. We track signals in public source control data and leverage natural language analysis on changelog information to find unknown and undisclosed vulnerabilities.
419,855 The number of Python packages that we continuously monitor for new security vulnerabilities.
35% The percentage of unique vulnerabilities, not available in other public or private databases.
2,406 The number of confirmed Python dependency vulnerabilities that our Cybersecurity Intelligence Team has added to our Vulnerability Database in the last 90 days.
34 The number of data points that our team tracks for every Python dependency vulnerability, including custom CVSS severity scoring, our package version recommendations, and more.
