
Applying Security Updates to Requirements Files

Available in safety versions >2.3.5

Available for pip requirement file scans (poetry and pipenv support coming soon).

Requires a Safety API key.

Applying security updates automatically

Safety can apply suggested security updates to scanned pip requirement files by including the --apply-security-updates flag.

Example:

safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates

This will include an interactive prompt to guide you through updating package versions to more secure versions.

Set a threshold for applying fixes automatically

You can set the maximum version change that Safety will apply without asking for user input using the --auto-security-updates-limit flag (short alias: -asul). Possible values are major, minor and patch (the default is patch).

As this is an upper limit, using major is equivalent to automatically applying all the fixes without user input.

Examples:

safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul minor

This will update the requirements.txt file (and any other requirements files it references) with all the security remediations that are minor or patch updates. If a remediation requires a major version update, Safety will ask the user to confirm the change.

safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul major

In this case, because major was passed, all the remediations will be applied automatically to the file and to any files it recursively includes.

safety check --key <YOUR-API-KEY> -r dev.txt -r staging.txt --apply-security-updates -asul minor

Safety will update both of these files, automatically applying the remediations for minor and patch updates, and asking for confirmation for any major version updates.

--no-prompt to skip any updates that require user input

If you want to ensure that Safety will not wait for user input, use the --no-prompt flag. Safety will then apply all automatic fix updates that fall within the --auto-security-updates-limit value and ignore those that would require user input.

safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul minor --no-prompt

This will apply all patch and minor version security updates to requirements.txt and ignore any major version updates, with no user input prompt.
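
The following is an added example, not Safety's own code: a small Python model of the threshold and --no-prompt rules described above, useful for predicting what an unattended run will change before enabling it in a pipeline. The package names and versions are constructed, and the parser assumes plain X.Y.Z version pins.

```python
# Illustrative model of the rules on this page; not Safety's implementation.
LEVELS = ("patch", "minor", "major")  # ordered from smallest to largest change

def parse(version):
    """Parse a plain X.Y.Z version (assumption: no pre-release or epoch parts)."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def bump_level(current, target):
    """Classify the change from current to target as major, minor or patch."""
    cur, tgt = parse(current), parse(target)
    if tgt <= cur:
        raise ValueError(f"{target} is not an upgrade from {current}")
    if tgt[0] != cur[0]:
        return "major"
    if tgt[1] != cur[1]:
        return "minor"
    return "patch"

def decide(current, target, limit="patch", no_prompt=False):
    """Return 'apply', 'prompt' or 'skip' for one suggested remediation."""
    if limit not in LEVELS:
        raise ValueError(f"limit must be one of {LEVELS}")
    level = bump_level(current, target)
    if LEVELS.index(level) <= LEVELS.index(limit):
        return "apply"  # within the limit: applied without asking
    # Above the limit: ask the user, or ignore the update under --no-prompt.
    return "skip" if no_prompt else "prompt"

# Constructed sample remediations: (package, pinned version, suggested version)
SAMPLE = [
    ("examplepkg-a", "2.1.3", "2.1.9"),
    ("examplepkg-b", "1.4.0", "1.6.2"),
    ("examplepkg-c", "3.2.1", "4.0.0"),
]

def plan(limit="patch", no_prompt=False):
    """Map each sample package to the action taken under the given settings."""
    return {name: decide(cur, tgt, limit, no_prompt) for name, cur, tgt in SAMPLE}

if __name__ == "__main__":
    for limit in LEVELS:
        print(limit, plan(limit), plan(limit, no_prompt=True))
```

With --no-prompt, anything reported as skip stays at its vulnerable version, so an unattended run still needs a follow-up scan or review for the remediations it ignored.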


Last updated 1 year ago

This option can also be set using the Safety policy file.