FAQ

Here are the answers to some of the most common questions we hear from our customers.

Common Questions


The free plan is for non-commercial open source projects. You can create a PyUp account, and add your public GitHub repos, as well as use our free Safety CLI and PyUp CLI tools to manage dependencies.

If you are using PyUp for a commercial project, or you want access to our real-time, up-to-date vulnerability database, you need a paid PyUp account.

Our free Safety-db can be used for non-commercial projects and is updated once a month. This database is meant to be used by non-commercial open source projects.

PyUp's commercial safety database is continuously updated as soon as new vulnerabilities are discovered. If you are on a paid plan using our GitHub integration, or using our command line tools with your API key, you get access to this commercial safety database.

If you are working on a commercial project, then you have two options:
  • Get access to our commercial vulnerability database (updated in real time as vulnerabilities are discovered) by getting a paid business account. This gives you an API key with which to use the Safety command line tool. This starts at $99 USD per month (paid yearly) or $119 USD per month (paid monthly).
  • We do license our free safety-db database for commercial use without the full features of our paid hosted version. This allows you to use our safety-db data with a commercial license and costs $29 USD per month (paid yearly) or $39 USD per month (paid monthly). This would allow you and your team to use the safety command line tool on your commercial projects.

We strongly recommend that all commercial projects use our commercial safety database, as otherwise a harmful vulnerability could go unattended for up to 30 days. (Our public safety-db is only updated once per month.)

Yes, but you must buy a license from us to do this. We license out the safety-db database for commercial use without the full features of our paid hosted version. This allows you to use our safety-db data with a commercial license and costs $29 USD per month (paid yearly) or $39 USD per month (paid monthly). This would allow you and your team to use the safety command line tool on your commercial projects. We do not recommend this.

Pricing & Accounts


Yes, we do. We offer custom licensing, SLAs, and on-premises versions of PyUp and our commercial vulnerability database. Please contact us at enterprise@pyup.io to discuss our enterprise accounts.

We do not have discounts for startups. If you are running a non-profit, please get in touch at support@pyup.io to discuss potential discounts. If you are running an open source non-commercial project, PyUp is completely free.

PyUp is free for projects that are open source and non-commercial and want to use our basic GitHub integration, GitHub safety CI and free security database. If you are a commercial team, or require an API key or our commercial-grade security database, you will need a paid account.

Yes. All plans are pro-rated, so you can switch plans or cancel at any time.

Licensing


We license out the safety-db database for commercial use without the full features of our paid hosted version. This allows you to use our safety-db data with a commercial license and costs $29 USD per month (paid yearly) or $39 USD per month (paid monthly). This would allow you and your team to use the safety command line tool on your commercial projects. We do not recommend this for commercial projects.

Yes, we do. If you want access to our live, up-to-date, commercial-grade vulnerability database for reselling purposes (e.g. you are selling this service on to your customers), please get in touch.

Dependency Best Practices


No. Your dependencies are written by people like you. They may change an API, introduce new bugs and pull in new dependencies. You should at least read the changelog carefully and test your code against the new release.

When you are using very old releases, once you update you'll have a hard time tracking down what the problem is when things break. The problem gets really bad when your very old dependency pulls in other dependencies you rely on and expects them to be newer than what you are currently using. This other dependency may break your code somewhere else, so you'll need to track that down too. This can lead to an untangleable mess real quick, so it's generally a good idea to update frequently.

Absolutely yes, if you are building a project as an end product. Absolutely no, if you are building a third-party library others rely on.

Documentation

Learn more about our Safety and PyUp command line tools by reading our documentation

Contact Us

Get in touch at support@pyup.io. If you have questions about our enterprise solutions, get in touch at enterprise@pyup.io.
