Python Dependency Security PyUp
Keep your Python dependencies secure, up-to-date & compliant
Dependencies are a security risk
There are 2,205 known security vulnerabilities in Python dependencies. Any of these can cause a major security breach in your own code.
Manually tracking and updating dependencies is a full-time job, and it only takes one missed GitHub email to have a security breach.
But they don't have to be
PyUp tracks 295,363 Python dependencies for vulnerabilities, so that you don't have to.
Never deploy known vulnerabilities again, and be confident that new vulnerabilities will be automatically fixed.
These teams use PyUp to manage their Python dependencies
and thousands of others
How it works
1. Vulnerability Database
PyUp maintains a comprehensive database of known vulnerabilities. We actively track 295,363 Python dependencies. The database is updated in real time, as soon as new vulnerabilities are logged.
2. Dependency Scanning
PyUp scans your dependency files for insecure or outdated requirements. Our scanners were built for complex Python environments and are highly configurable to your needs.
3. Actionable workflows
PyUp fits into your workflow. Get automated pull request fixes in GitHub, use our Safety CI to catch vulnerabilities before code reaches production, or integrate our command line tools into your CI workflows.
Use open source with confidence
Be secure, up-to-date & compliant
PyUp scans private and public Python dependencies for updates, vulnerabilities, Python 3 support and OSS licenses.
Security
We track and categorize new vulnerability disclosures as they happen so you don't have to. Don't be left with insecure packages.
Version Updates
PyUp can open PRs for dependencies that have updates. Get a PR as updates are released, or batch updates daily, weekly or monthly.
Compliance
PyUp scans and lists the OSS licenses of each of your dependencies. Never worry again about using a dependency with a license that isn't compliant with your team's needs.
295,363
Python Packages tracked
2,205
Current Active Package Vulnerabilities
611,002
Dependency Updates by PyUp
The PyUp Suite
PyUp fits into your workflow. From fully automated pull requests in GitHub to safety command line tools and APIs, we have exactly what works for your team and codebase.
Python
Built for Python
PyUp is purpose-built for Python environments. For example, we scan for and parse requirements.txt, setup.cfg, tox.ini, Pipfiles and Conda files to keep your codebase secure and up-to-date.

Configurable
Highly Configurable
Do you have a large legacy codebase and only want to receive security updates? Or a library and only want to receive updates for your dev environment? PyUp's dependency security and version updates are highly configurable.

Integration tools
Plays nice with your integrations
A pull request triggers the integrations you have set up on your GitHub repo. Run CI tests automatically or post a message to the team's favored chat channel.

Addons
Useful features
Include dependency licenses (MIT, BSD-2-Clause, etc.) or Common Vulnerability Scoring System (CVSS) data.
