// docs

Installation & usage

Safety is available as an online service called Safety CI and an open source command line tool. Use it to check your dependencies for known security vulnerabilities.

Online Service


Safety CI is a part of pyup.io. Check out the installation documentation for the online service. If you just want to run Safety CI without getting dependency updates, you might also want to take a look at usage examples.

Open source


Install safety with pip

pip install safety


To check your currently selected virtual environment for dependencies with known security vulnerabilities, run:

safety check

You should get a report similar to this:

Now, let's install something insecure:

pip install insecure-package

Don't worry, it's just a test package.

Run safety check again:


Read requirement files

Just like pip, Safety is able to read local requirement files:

safety check -r requirements.txt

Read from stdin

Safety is also able to read from stdin with the --stdin flag set.

To check a local requirements file, run:

cat requirements.txt | safety check --stdin

or the output of pip freeze:

pip freeze | safety check --stdin

or to check a single package:

echo "insecure-package==0.1" | safety check --stdin

For more examples, take a look at the options section.

Using Safety with a CI service

Safety works great in your CI pipeline. It returns a non-zero exit status if it finds a vulnerability.

Run it before or after your tests. If Safety finds something, your tests will fail.


  - pip install safety

  - safety check

Using Safety in production

Safety is free and open source (MIT Licensed). The underlying open vulnerability database is updated once per month.

To get access to all vulnerabilities as soon as they are added, you need an API key that comes with a paid pyup.io account.

This document is still a work in progress. Have additional questions? Contact support@pyup.io.