Python Dependency Security

Keep your Python dependencies secure and compliant using our industry-leading Python vulnerability scanners.

We monitor, scan and secure your Python dependencies against vulnerabilities so that you can use open source with confidence.

Trusted by thousands of teams around the world

Amazon, Datarobot, Dell, Dropbox, Intel, Lyft, Mozilla, Nokia, Red Hat, US Senate, Wiz, Yelp

Use open source.
We'll keep you secure.

Dependencies are a security risk

Our Cybersecurity Intelligence Team tracks and analyzes 429,349 Python dependencies for vulnerabilities, so that you don't have to.

Never deploy known vulnerabilities again, and be confident that new vulnerabilities will be fixed.

Build with confidence

Scan your developer environments, pipelines and production systems for dependency security vulnerabilities.

Get automated pull request fixes in GitHub, use our Safety CI to catch vulnerabilities before code reaches production, and integrate our Safety command line tools to protect your developer machines and your CI/CD workflows.

Deep scans of all your Python Environments

Scan all your environments, including transitive dependencies and recursive dependency installations, on:
• Developer machines
• CI/CD pipelines
• git source control management - GitHub, GitLab, and Bitbucket
• Production systems


Know exactly what dependencies you're using, everywhere.

Integrates into your git source control repos

Safety CI scans every new branch or pull request that your team makes.
Get automated pull requests with instant fixes to security vulnerabilities and upgrades to your Python dependencies.

PyUp's tools integrate into GitHub, GitLab and Bitbucket.

Clear, actionable fix recommendations

Get clear and actionable fix recommendations (or even an automated fix pull request), all powered by PyUp's leading Dependency Vulnerability Database.

Whether using our integrated GitHub tools or our Safety Command line tool to scan and secure your Python environments, we give you clear, actionable fix and upgrade recommendations for dependencies that have security vulnerabilities.

Industry-leading security data

Staying secure is easy with the best Python vulnerability data out there.

Industry-leading Vulnerability Database

Be secured by our industry-leading Python Vulnerability Database, which goes beyond public CVE data.

Detailed vulnerability data

Triaging and fixing vulnerabilities is easy with our manually vetted CVSS severity information, package version recommendations and more.

Clear and actionable fix recommendations

Rely on clear and actionable recommendations for secure package versions based on your system and context.

Access our Cybersecurity Intelligence Team

Our Cybersecurity Intelligence Team spends all their time analyzing vulnerability data and thinking of new ways to discover undisclosed or unknown vulnerabilities. We live and breathe dependency security so that you can build on open source with confidence.

All the tools you need to stay secure

Use our specialized Python scanning and monitoring tools.

Flexible command-line tool

Our powerful Safety command-line tool can be dropped into any environment (developer machines, CI/CD pipelines or production systems) and supports multiple configuration and output options, including exit codes, JSON output and screen output.

Integrated git source control tools

Integrate our scanning tools into your git source control management tool, including GitHub, GitLab or Bitbucket actions and pipelines.

OS License compliance scanning

Be confident that your team is using packages within the correct license type, and enforce 3rd-party license policies to reduce licensing-related risks.

Team management tools

Invite team members to the PyUp dashboard and set team-wide security policies using our security policy files.

Commercial Python Vulnerability Database

Beyond CVEs - The best Python Vulnerability Database out there

Not all vulnerability databases are created equal. Our Cybersecurity Intelligence Team manually analyzes thousands of potential Python vulnerabilities each month, resulting in a Vulnerability database that goes beyond public CVEs. We track signals in public source control data and leverage natural language analysis on changelog information to find unknown and undisclosed vulnerabilities.

• 429,349: the number of Python packages that we continuously monitor for new security vulnerabilities.
• 35%: the percentage of unique vulnerabilities, not available in other public or private databases.
• 1,211: the number of confirmed Python dependency vulnerabilities that our Cybersecurity Intelligence Team has added to our Vulnerability Database in the last 90 days.
• 34: the number of data points that our team tracks for every Python dependency vulnerability, including custom CVSS severity scoring, our package version recommendations, and more.

You build. We'll keep you secure. Create an account or get in touch.