Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.
View our Privacy Policy for more information.

End-to-End Python Dependency Vulnerability Scanning

Scan your dependencies for known security vulnerabilities and malicious packages.

Integrate into any workflow to scan the full software development lifecycle, from developer machines to CI/CD pipelines and Production systems.

Safety CLI is backed by industry-leading vulnerability data and recommends fixes for vulnerabilities as they are detected.
Scan Your Project Today for Free
Safety CLI screenshot
Safety 2 CLI

Versatile, comprehensive dependency security scanning

Safety CLI can be used on developer machines to scan individual requirements files or perform system-wide scans on developer machines, CI/CD pipelines, and Production systems to detect vulnerable or malicious dependencies.

Developers and DevSecOps are alerted to the presence of vulnerabilities in Safety Platform and in Safety CLI, complete with fix recommendations to minimize the effort required to remove vulnerabilities from your software supply chain.

What is considered safe today may not be tomorrow.
Safety CLI utilizes up-to-date vulnerability data from the industry’s most comprehensive database of vulnerabilities and malicious packages, alerting teams to new risks and attack vectors as they emerge.

Industry-leading Vulnerability Data.
Clear, Actionable Remediation and up to 90% Reduction in Vulnerability Noise.

Get clear and actionable fix recommendations (or even an automated fix pull request), all powered by PyUp's leading Dependency Vulnerability Database.

Whether using our integrated GitHub tools or Safety CLI scanner to secure your Python environments, we give you clear, actionable fix and upgrade recommendations for dependencies that have security vulnerabilities.

Safety reduces vulnerability noise by up to 90% by combining severity, exploitability, package health, and reachability.

Safety Platform - Findings
Safety Platform - Findings

End-to-End: Developer Machine, CI/CD Pipeline and Production Scanning

Safety CLI can be used on developer machines to scan individual requirements files or perform system-wide scans, CI/CD pipelines, and Production systems to detect vulnerable or malicious dependencies and alert developers and DevSecOps to their presence.

Moreover, Safety CLI provides fix recommendations and even includes a fix command to minimize the effort required to remove vulnerabilities from your software supply chain.

Developer-First.  
Deployed in minutes.
Runs in seconds.

Built by developers for developers, Safety CLI can be set up in minutes, fits into any existing workflow, and can be easily deployed to large development teams.

By enabling developers to make informed, security-based decisions earlier in the development lifecycle, the overhead on DevSecOps and infrastructure teams is significantly reduced.

Testing Safety CLI is as simple as running two commands. Using these instructions will perform a scan using our non-commercial database.

For commercial use and a free 7-day trial of Safety, please contact us.

Start Your 7-Day Trial Today
To get started, install the command line client:
pip install safety
Once installed, run the safety scan command:
safety scan
// This will check your current environment's installed dependencies.
To check a requirements file, run:
safety scan -r requirements.txt

Safety Platform Integration

Safety CLI is Enterprise-ready and can be deployed as a cloud service or on-premise.

All scans are sent to a central dashboard in Safety Platform where findings can be reviewed by the developer who ran the scan or any team members with access to that project.

All findings are presented in the context of your environment and scored using a combination of measures, including severity, package health, reachability, and exploitability.

The 'safety system-scan' command is designed to scan an entire machine to find all Python projects and environments on that machine. It finds all requirements.txt files, Poetry and Pipenv files on the machine, as well as Python environments and Python versions on that machine.

safety system-scan --key={API_KEY}
To obtain an API Key, contact us.

What customers are saying

Testimonial logo
Sean Howard FlightPath
We transitioned from the free Snyk scanning to Safety because of the recommendation of one of our lead developers.

And we have loved it.
Sean Howard - CEO, Flightpath

The Future of Software Supply Chain Security

Enterprise Ready for Data-Sensitive Companies

Can be deployed to large teams with complex project setups with ease. Build to scale with your organization and can be deployed on-premise or cloud.
SSO and SAML-Based Authentication

Developers can easily leverage Safety CLI without manually distributing API keys. Safety also supports SAML-based authentication for enterprise customers, ensuring full control over license distribution and access.
Seamless Integration and Scanning of All Environments

Direct, transitive, and recursive dependency installations across developer machines, CI/CD pipelines, Git source control management (GitHub, GitLab, Bitbucket), and Production systems. Empower your development teams with powerful security capabilities directly within their familiar environment.
Actionable Insights and Intelligent Version Recommendations

Output from scans includes detailed research, notes, and recommendations. The Safety Cybersecurity Intelligence Team assesses and monitors hundreds of thousands of dependencies to provide developers with insights to make informed decisions.
Comprehensive Vulnerability Data

Safety CLI leverages our industry-leading vulnerability database for unparalleled coverage across Python, Java, and Javascript. We track 6x the vulnerabilities available in Dependabot (GitHub, GitLab) and other testing suites.
Developer Machine Security

Identify and fix vulnerabilities at the developer machine level before they reach CI/CD or production. Safety CLI 3.0 introduces the 'safety system-scan' command for full system scans, reporting any packages with known vulnerabilities or malicious activities.

Reduce vulnerability noise by 90%.
Get a demo today to learn more.