Dependencies are a security risk
There are 2,205 known security vulnerabilities in Python dependencies. Any of these can cause a major security breach in your own code.
Manually tracking and updating dependencies is a full time job, and it only takes one missed GitHub email to have a security breach.
But they don't have to be
PyUp tracks 295,363 Python dependencies for vulnerabilities, so that you don't have to.
Never deploy known vulnerabilities again, and be confident that new vulnerabilities will be automatically fixed.
These teams use PyUp to manage their Python dependencies
and thousands of others
How it works
1. Vulnerabiltity Database
PyUp maintains a comprehensive database of known vulnerabilities. We actively track 295,363 Python dependencies. This is updated in real time, as soon as a new vulnerabilities are logged.
2. Dependency Scanning
PyUp scans your dependency files for insecure or outdated requirements. Our scanners were built to solve for complex Python environments and are highly configurable to your needs.
3. Actionable workflows
PyUp fits into your workflow. Get automated pull request fixes in GitHub, use our Safety CI to catch vulnerabilities before code reaches production, or integrate our command line tools into your CI workflows.
The PyUp Suite
PyUp fits into your workflow. From fully automated pull requests in Github to safety command line tools and APIs, we have excatly what works for your team and codebase.
PyUp can automatically open PRs to update dependency versions. This can be customized to happen as they come, or batched daily, weekly or monthly.
You can set this to only update security updates, and can customize which dependency files to track and which version ranges to consider for each dependency.
PyUp's Safety CI integrates with GitHub and will scan all new branches and pull requests for vulnerabilties. This way you can keep your code secure and be aware of problems before they hit production.
PyUp fits easily into your CI pipeline. For example, it returns a non-zero exit status if it finds a vulnerability.
Run it before or after your tests. If Safety finds something, your tests will fail.
install: - pip install safety script: - safety check --key=<YOUR_PYUP_API_KEY>
Read more about Safety's command line tool options on GitHub.
PyUp's command line tools allow you to customize and build the perfect workflow for your needs.
Safety CLI scans your local repository's dependency files and reports on security vulnerabilities. It is highly configurable to scan the files you want, and give the output that works for your workflow. Read more about Safety CLI on GitHub.
Note that Safety CLI is not an antivirus tool and should not be considered a viable solution for detecting harmful or malicious code in the larger operating environment.
The PyUp CLI can update the dependencies in your GitHub or GitLab repository directly from the command line. Learn more about PyUp CLI on GitHub.
Safety can be easily executed as Docker container. To build the container just execute:
docker build -t safety-docker .
The container can be used just as described in the examples README section.
cat requirements_dev.txt | \ docker run -i --rm safety-docker safety check --stdin
PyUp scans and lists the OSS licenses of each of your dependencies. Never worry again about using a dependency with a license that isn't compliant with your teams' needs.
Built for Python
PyUp is purpose built for Python environments. For example, we scan for and parse requirements.txt, setup.cfg, tox.ini, Pipfiles and Conda files to keep your codebase secure and up-to-date. Read More
Do you have a large legacy codebase and only want to receive security updates? Or a library and only want to receive updates for your dev environment? PyUp's dependency security and version updates are highly configurable. Read more about configuring PyUp
Plays nice with your integrations
A pull requests triggers the integrations you have set up on your GitHub repo. Run CI tests automatically or post a message to the team's favored chat channel.
Include dependency licenses (MIT, BSD-2-Clause, etc.) or Common Vulnerability Scoring System (CVSS) data.