Applying Security Updates to Requirements Files

Available in safety versions >2.3.5

Available for pip requirement file scans (poetry and pipenv support coming soon).

Requires a Safety API key

Applying security updates automatically

Safety can apply suggested security updates to scanned pip requirement files by including the --apply-security-updates flag.

Examples:

safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates

This will include an interactive prompt to guide you through updating package versions to more secure versions.

Set a threshold for applying fixes automatically

You can set the maximum version change that Safety will apply without user input using the --auto-security-updates-limit flag (short alias: -asul). Possible values are major, minor and patch (the default value is patch).

As this is an upper limit, using major is equivalent to automatically applying all the fixes without user input.

Examples:

safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul minor

This will update the requirements.txt file (and any other requirements files it references) with all the security remediations that are minor or patch updates. If a remediation requires a major version update, Safety will ask for user input to confirm whether to make this change.

safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul major

In this case, as major was passed, all the remediations will be applied automatically in the file and in any files it recursively includes.

safety check --key <YOUR-API-KEY> -r dev.txt -r staging.txt --apply-security-updates -asul minor

Safety will update both of these files, automatically applying the remediations for minor and patch updates, and asking for confirmation for any major version updates.

This option can also be set using the Safety policy file.

--no-prompt to skip any updates that require user input

If you want to ensure that Safety will not wait for user input, use the --no-prompt flag: it applies all automatic fix updates that fall within the --auto-security-updates-limit and ignores those that require user input.

safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul minor --no-prompt

This will apply all patch and minor version security updates to requirements.txt and ignore any major version updates, with no user input prompt.
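The following added example (not part of Safety or of the original page) models the threshold and --no-prompt rules described above, so you can preview which pins would be applied, prompted for or skipped before running the command in CI. It assumes plain `==` pins with numeric X.Y.Z versions and remediations that move to a newer version; the package names and the remediation map are constructed sample data.

```python
import re

LEVELS = ["patch", "minor", "major"]  # ordered from smallest to largest change
# Assumption: only simple "name==X.Y.Z" pins are handled; other lines are ignored.
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*==\s*(\d+(?:\.\d+){0,2})\s*(?:#.*)?$")

def _parts(version):
    """Split 'X.Y.Z' into three integers, padding missing parts with zero."""
    nums = [int(p) for p in version.split(".")]
    return (nums + [0, 0, 0])[:3]

def bump_level(current, target):
    """Classify the change between two versions as major, minor or patch."""
    cur, tgt = _parts(current), _parts(target)
    if cur[0] != tgt[0]:
        return "major"
    if cur[1] != tgt[1]:
        return "minor"
    return "patch"

def decide(current, target, limit="patch", no_prompt=False):
    """Return 'apply', 'prompt' or 'skip' for one remediation."""
    if limit not in LEVELS:
        raise ValueError("limit must be one of: " + ", ".join(LEVELS))
    if LEVELS.index(bump_level(current, target)) <= LEVELS.index(limit):
        return "apply"  # within the automatic limit
    return "skip" if no_prompt else "prompt"  # above the limit

def preview(requirements_text, remediations, limit="patch", no_prompt=False):
    """Map each pinned package that has a remediation to (current, target, decision)."""
    plan = {}
    for line in requirements_text.splitlines():
        m = PIN.match(line)
        if m and m.group(1).lower() in remediations:
            name, current = m.group(1).lower(), m.group(2)
            target = remediations[name]
            plan[name] = (current, target, decide(current, target, limit, no_prompt))
    return plan

# Constructed sample input: hypothetical packages and suggested versions.
SAMPLE_REQUIREMENTS = "pkg-a==1.4.2\npkg-b==2.5.0  # pinned\npkg-c==5.3.1\n"
SAMPLE_REMEDIATIONS = {"pkg-a": "1.4.9", "pkg-b": "2.8.0", "pkg-c": "6.0.1"}

if __name__ == "__main__":
    # Equivalent of: --apply-security-updates -asul minor --no-prompt
    plan = preview(SAMPLE_REQUIREMENTS, SAMPLE_REMEDIATIONS, "minor", True)
    for name, (current, target, decision) in plan.items():
        print(f"{name}: {current} -> {target} [{decision}]")
```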
