Getting started with Safety 2.x

This guide walks you through securing your Python environments with Safety.

Existing Customers: Upgrade to Safety 3.0

Safety 3.0 is now available, providing system-wide scanning, unpinned package support, new SBOM and JSON output formats, and more.

To join the beta for the Safety 3.0 release, please complete this form.

This documentation will guide you through implementing security scans in your systems so that you:

  • Know what you're using

  • Can implement security policies and processes in your teams

  • Are not exposed to any known dependency vulnerabilities

Safety CLI scans and protects your Python environments against dependency vulnerabilities and license compliance risks, including:

  • Your development environments and machines

  • Your testing and staging pipelines

  • Your git source control management systems, including GitHub, GitLab, and Bitbucket

  • Your production systems

First, create an account

If you don't have one already, you'll first need to create an account, which will give you access to an API key and our scanning and security tools.

Step 1: Secure your central git repository, or build pipelines

The best place to start scanning and securing your dependencies is a central build process or your central source control system, such as GitHub, GitLab, or Bitbucket.

Implement security scans in your git source control management system.

Step 2: Secure your development machines

One of our core security principles is shift-left security, which means trying to scan your code for security vulnerabilities as early in the development lifecycle as possible.

Once you have your central build or repository scans set up, we recommend also scanning your development environments. The easiest way to do this is to add a Safety CLI scan as a git post-commit hook.

Implement security scans on your development machines.
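The following is an added example, not part of the original Safety documentation, showing one way to set up the post-commit hook described above. It installs a hook that runs `safety check` against a pinned `requirements.txt` after every commit. It assumes the Safety 2.x CLI is on your PATH and that your API key is available in the `SAFETY_API_KEY` environment variable (the variable name and the `install_post_commit_hook` / `render_post_commit_hook` helper names are this example's own choices).

```shell
#!/bin/sh
# Added example: install a git post-commit hook that scans pinned
# dependencies with Safety 2.x. Assumptions: `safety` is on PATH,
# SAFETY_API_KEY holds your API key, dependencies are in requirements.txt.

# Render the hook script text. Kept separate from installation so it can
# be inspected without touching any repository.
render_post_commit_hook() {
    cat <<'EOF'
#!/bin/sh
# post-commit hook: scan pinned dependencies for known vulnerabilities.
# A post-commit hook cannot block the commit; it reports so the developer
# can fix the dependency before pushing.
if [ -f requirements.txt ]; then
    safety check --key="${SAFETY_API_KEY}" -r requirements.txt || \
        echo "safety: vulnerable dependencies found; review before pushing" >&2
fi
EOF
}

# Install the hook into a repository's .git/hooks directory.
# Refuses to overwrite an existing post-commit hook so a team's own
# hook logic is never silently replaced.
# Usage: install_post_commit_hook /path/to/repo
install_post_commit_hook() {
    repo="$1"
    hooks_dir="$repo/.git/hooks"
    [ -d "$hooks_dir" ] || mkdir -p "$hooks_dir"
    hook="$hooks_dir/post-commit"
    if [ -e "$hook" ]; then
        echo "refusing to overwrite existing $hook" >&2
        return 1
    fi
    render_post_commit_hook > "$hook"
    chmod +x "$hook"
    echo "installed $hook"
}
```

Run `install_post_commit_hook .` from the root of a clone to install it locally; the hook is per-clone, so each developer installs it on their own machine. The same `safety check -r requirements.txt` line placed in a pipeline step gives you the Step 1 scan as well, since Safety exits non-zero when it finds a vulnerable dependency and the build fails accordingly.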

Step 3: For GitHub users, Integrate our Bot and Safety CI tool

Safety has a direct GitHub integration that can automatically open pull requests with fixes for security vulnerabilities in your dependencies. To integrate this and learn more, see our GitHub Bot and Safety CI integration details.
