Getting started with Safety 2.x
This guide walks you through securing your Python environments with Safety.
Existing Customers: Upgrade to Safety 3.0
Safety 3.0 is now available, providing system-wide scanning, unpinned package support, new SBOM and JSON output formats, and more.
This documentation will guide you through implementing security scans in your systems so that you:
- Know what you're using
- Can implement security policies and processes in your teams
- Ensure you are not exposed to any known dependency vulnerabilities
Safety CLI scans and protects your Python environments against dependency vulnerabilities and license compliance risks, including:
- Your development environments and machines
- Your testing and staging pipelines
- Your git source control management systems, including GitHub, GitLab, and Bitbucket
- Your production systems
The best place to start scanning and securing your dependencies is in a central build process, or in your central git code management system such as GitHub, GitLab, or Bitbucket.
One of our core security principles is shift-left security, which means trying to scan your code for security vulnerabilities as early in the development lifecycle as possible.
Once you have your central build or repository scans set up, we recommend also scanning your development environments. The easiest way to do this is to add a Safety CLI scan as a git post-commit hook.
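The post-commit hook described above, as an added example that is not part of the Safety documentation or the Safety project's own code. It installs a hook that runs `safety check` (the Safety 2.x command) on every requirements file touched by the commit, and skips quietly when Safety is not installed so that a developer without it can still commit. Assumptions: Safety 2.x is on PATH (`pip install safety`), and dependency files are named `requirements*.txt`; the helper names `filter_requirements_files` and `write_post_commit_hook` are ours.

```shell
#!/bin/sh
# Added example (not from the Safety docs): install a git post-commit hook that
# runs `safety check` on requirements files changed by the last commit.
# Assumes Safety 2.x on PATH and requirements*.txt naming for dependency files.

# Print only the paths that look like pip requirements files (stdin -> stdout).
# grep exits 1 when nothing matches, which is not an error here, hence `|| true`.
filter_requirements_files() {
  grep -E '(^|/)requirements[^/]*\.txt$' || true
}

# The hook script itself. A post-commit hook runs after the commit is recorded,
# so it cannot block the commit; it reports findings and exits non-zero.
HOOK_BODY='#!/bin/sh
# post-commit: scan requirements files changed in the last commit with Safety
if ! command -v safety >/dev/null 2>&1; then
  echo "post-commit: safety not installed, skipping dependency scan" >&2
  exit 0
fi
changed=$(git diff-tree --no-commit-id --name-only -r HEAD \
  | grep -E "(^|/)requirements[^/]*\.txt$")
[ -z "$changed" ] && exit 0
status=0
# paths are split on whitespace; requirements files with spaces in the name are not handled
for f in $changed; do
  echo "post-commit: running safety check on $f"
  safety check -r "$f" || status=1
done
exit $status
'

# Write the hook to the given path and make it executable. Prints the path.
write_post_commit_hook() {
  hook_path=$1
  printf '%s' "$HOOK_BODY" > "$hook_path" || return 1
  chmod +x "$hook_path" || return 1
  printf '%s\n' "$hook_path"
}

# Usage inside a repository:
#   write_post_commit_hook "$(git rev-parse --git-dir)/hooks/post-commit"
```

Because a post-commit hook fires after the commit exists, the scan can only report; if you want a failing scan to stop the commit, install the same body as a pre-commit hook instead, and keep the central build or repository scan as the authoritative gate.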
Safety has a direct GitHub integration that can automatically open pull requests with fixes for security vulnerabilities in your dependencies. To set this up and learn more, see our GitHub Bot and Safety CI integration details.