Python Dependency Security PyUp

Keep your Python dependencies secure, up-to-date & compliant

Dependencies are a security risk

There are 2,993 known security vulnerabilities in Python dependencies. Any of these can cause a major security breach in your own code.

Manually tracking and updating dependencies is a full time job, and it only takes one missed GitHub email to have a security breach.

But they don't have to be

PyUp tracks 323,951 Python dependencies for vulnerabilities, so that you don't have to.

Never deploy known vulnerabilities again, and be confident that new vulnerabilities will be automatically fixed.

How it works

These teams use PyUp to manage their Python dependencies

Mozilla Logo
Google Logo
Intel Logo
Axios Logo
Brown University Logo
Freshbooks Logo
Yelp Logo
Mitmproxy
Python Logo
Aiohttp
GroupCreated with Sketch.

and thousands of others

How it works

1. Vulnerabiltity Database

PyUp maintains a comprehensive database of known vulnerabilities. We actively track 323,951 Python dependencies. This is updated in real time, as soon as a new vulnerabilities are logged.

2. Dependency Scanning

PyUp scans your dependency files for insecure or outdated requirements. Our scanners were built to solve for complex Python environments and are highly configurable to your needs.

3. Actionable workflows

PyUp fits into your workflow. Get automated pull request fixes in GitHub, use our Safety CI to catch vulnerabilities before code reaches production, or integrate our command line tools into your CI workflows.

Ready to get started?

7-day free trial, and free for open source

Create an account

Use open source with confidence

Be secure, up-to-date & compliant

PyUp scans private and public Python depedencies for updates, vulnerabilities, Python 3 support and OSS licenses.

 Security

We track and categorize new vulnerability disclosures as they happen so you don't have to. Don't be left with insecure packages.

 Version Updates

PyUp can open PRs for dependencies that have updates. Get a PR as updates are released, or batch updates daily, weekly or monthly.

 Compliance

PyUp scans and lists the OSS licenses of each of your dependencies. Never worry again about using a dependency with a license that isn't compliant with your teams' needs.

323,951

Python Packages tracked

2,993

Current Active Package Vulnerabilities

684,065

Dependency Updates by PyUp

The PyUp Suite

PyUp fits into your workflow. From fully automated pull requests in Github to safety command line tools and APIs, we have excatly what works for your team and codebase.

PyUp can automatically open PRs to update dependency versions. This can be customized to happen as they come, or batched daily, weekly or monthly.

You can set this to only update security updates, and can customize which dependency files to track and which version ranges to consider for each dependency.

PyUp automatically opens PRs to update Dependencies

PyUp's Safety CI integrates with GitHub and will scan all new branches and pull requests for vulnerabilties. This way you can keep your code secure and be aware of problems before they hit production.

PyUp's Safety CI runs dependency vulnerabilities whenever a new branch is pushed to GitHub

PyUp fits easily into your CI pipeline. For example, it returns a non-zero exit status if it finds a vulnerability.

Run it before or after your tests. If Safety finds something, your tests will fail.

install:
  - pip install safety

script:
  - safety check --key=<YOUR_PYUP_API_KEY>

Read more about Safety's command line tool options on GitHub.

PyUp's command line tools allow you to customize and build the perfect workflow for your needs.

Safety CLI

Safety CLI scans your local repository's dependency files and reports on security vulnerabilities. It is highly configurable to scan the files you want, and give the output that works for your workflow. Read more about Safety CLI on GitHub.

Note that Safety CLI is not an antivirus tool and should not be considered a viable solution for detecting harmful or malicious code in the larger operating environment.

PyUp's flexible Safety command line tool allows you to integrate safety checks into any CI workflow

PyUp CLI

The PyUp CLI can update the dependencies in your GitHub or GitLab repository directly from the command line. Learn more about PyUp CLI on GitHub.

Safety can be easily executed as Docker container. To build the container just execute:

docker build -t safety-docker .

The container can be used just as described in the examples README section.

cat requirements_dev.txt | \
docker run -i --rm safety-docker safety check --stdin

PyUp scans and lists the OSS licenses of each of your dependencies. Never worry again about using a dependency with a license that isn't compliant with your teams' needs.

PyUp tracks your dependencies licenses and Python 3 support to make sure your dependencies are compliant with your needs.
background-shape

Python

Built for Python

PyUp is purpose built for Python environments. For example, we scan for and parse requirements.txt, setup.cfg, tox.ini, Pipfiles and Conda files to keep your codebase secure and up-to-date. Read More

Python Logo
background-shape

Configurable

Highly Configurable

Do you have a large legacy codebase and only want to receive security updates? Or a library and only want to receive updates for your dev environment? PyUp's dependency security and version updates are highly configurable. Read more about configuring PyUp

PyUp is highly configurable
background-shape

Integration tools

Plays nice with your integrations

A pull requests triggers the integrations you have set up on your GitHub repo. Run CI tests automatically or post a message to the team's favored chat channel.

PyUp integrations
background-shape

Addons

Useful features

Include dependency licenses (MIT, BSD-2-Clause, etc.) or Common Vulnerability Scoring System (CVSS) data.

PyUp Addons

Ready to get started?

Create an account now

Create an account