Keep your Python dependencies secure and compliant using our industry-leading Python vulnerability scanner.
We monitor, scan and secure your Python dependencies against vulnerabilities so that you can use open source with confidence.
Trusted by thousands of teams around the world
Dependencies are a security risk
Build with confidence
Scan all your environments, including transitive and recursive dependency installations, on:
• Developer machines
• CI/CD pipelines
• git source control management - GitHub, GitLab, and Bitbucket
• Production systems
Know exactly what dependencies you're using, everywhere.
Safety CI scans every new branch or pull request that your team makes.
Get automated pull requests with instant fixes to security vulnerabilities and upgrades to your Python dependencies.
PyUp's tools integrate into GitHub, GitLab and Bitbucket.
Get clear and actionable fix recommendations (or even an automated fix pull request), all powered by PyUp's leading Dependency Vulnerability Database.
Whether using our integrated GitHub tools or our Safety Command line tool to scan and secure your Python environments, we give you clear, actionable fix and upgrade recommendations for dependencies that have security vulnerabilities.
Staying secure is easy with the best Python vulnerability data out there.
Be secured by our industry-leading Python Vulnerability Database, which goes beyond public CVE data.
Triaging and fixing vulnerabilities is easy with our manually vetted CVSS severity information, package version recommendations and more.
Rely on clear and actionable recommendations for secure package versions based on your system and context.
Our Cybersecurity Intelligence Team spends all their time analyzing vulnerability data and thinking of new ways to discover undisclosed or unknown vulnerabilities. We live and breathe dependency security so that you can build on open source with confidence.
Use our specialized Python scanning and monitoring tools.
Our powerful Safety command-line tool can be dropped into any environment (developer machines, CI/CD pipelines or production systems) and supports multiple configuration and output options, including exit codes, JSON output and screen output.
Integrate our scanning tools into your git source control management tool, including GitHub, GitLab or Bitbucket actions and pipelines.
Be confident that your team is using packages within the correct license type and enforce 3rd-party license policies to reduce licensing-related risks.
Invite team members to the PyUp dashboard and set team-wide security policies using our security policy files.
Beyond CVEs - The best Python Vulnerability Database out there
Not all vulnerability databases are created equal. Our Cybersecurity Intelligence Team manually analyzes thousands of potential Python vulnerabilities each month, resulting in a Vulnerability Database that goes beyond public CVEs. We track signals in public source control data and leverage natural language analysis on changelog information to find unknown and undisclosed vulnerabilities.
• 462,628: The number of Python packages that we continuously monitor for new security vulnerabilities.
• 35%: The percentage of unique vulnerabilities, not available in other public or private databases.
• 4,328: The number of confirmed Python dependency vulnerabilities that our Cybersecurity Intelligence Team has added to our Vulnerability Database in the last 90 days.
• 34: The number of data points that our team tracks for every Python dependency vulnerability, including custom CVSS severity scoring, our package version recommendations, and more.