Applying Security Updates to Requirements Files
Available in safety versions >2.3.5
Available for pip requirement file scans (poetry and pipenv support coming soon).
Requires a Safety API KEY
Applying security updates automatically
Safety can apply suggested security updates to scanned pip requirement files when you include the --apply-security-updates flag.
Examples:
safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates
This will include an interactive prompt to guide you through updating package versions to more secure versions.
Set a threshold for applying fixes automatically
You can set the maximum version change that Safety will apply without user input using the --auto-security-updates-limit (short alias: -asul) flag. Possible values are: major, minor, patch (the default value is patch).
As this is an upper limit, using major is equivalent to automatically applying all the fixes without user input.
Examples:
safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul minor
This will update the requirements.txt file (and any other requirements files it references) with all the security remediations that are minor or patch updates. If a remediation requires a major version update, Safety will ask for user input before making this change.
safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul major
In this case, as major was passed, all the remediations will be automatically applied in the file and any of its recursive include files.
safety check --key <YOUR-API-KEY> -r dev.txt -r staging.txt --apply-security-updates -asul minor
Safety will update both of these files, automatically applying the remediations for minor and patch updates, and asking for confirmation for any major version updates.
--no-prompt to skip any updates that require user input
If you want to ensure that Safety will not wait for user input, the --no-prompt flag will apply all automatic fix updates that fall within the --auto-security-updates-limit limit, and ignore those that require user input.
safety check --key <YOUR-API-KEY> -r requirements.txt --apply-security-updates -asul minor --no-prompt
This will apply all patch and minor version security updates to requirements.txt and ignore any major version updates, with no user input prompt.
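The following added example (not Safety's own code) models how the --auto-security-updates-limit threshold and --no-prompt combine, so you can predict which remediations are applied, prompted for, or skipped before running in CI. It assumes versions are compared by their first three numeric components; the package names and versions are constructed, and the helper names are hypothetical.

```python
# Added illustration of the threshold rules described above.
# Assumption: a change is classified by the first differing component of
# major.minor.patch. This is not Safety's implementation.
import re

LEVELS = ["patch", "minor", "major"]  # ascending size of version change


def parse(version):
    """Return (major, minor, patch) from a release string such as '2.3.5'."""
    digits = re.match(r"\d+(?:\.\d+)*", version).group().split(".")
    parts = [int(p) for p in digits]
    return tuple((parts + [0, 0, 0])[:3])  # pad short versions like '1.4'


def bump_level(current, target):
    """Classify the change from current to target as major, minor or patch."""
    cur, tgt = parse(current), parse(target)
    if tgt[0] != cur[0]:
        return "major"
    if tgt[1] != cur[1]:
        return "minor"
    return "patch"


def decide(current, target, limit="patch", no_prompt=False):
    """Return 'apply', 'prompt' or 'skip' for one suggested remediation."""
    if LEVELS.index(bump_level(current, target)) <= LEVELS.index(limit):
        return "apply"  # within the limit: applied without user input
    return "skip" if no_prompt else "prompt"


def plan(remediations, limit="patch", no_prompt=False):
    """Map each package name to the action taken under the given flags."""
    return {name: decide(cur, tgt, limit, no_prompt)
            for name, cur, tgt in remediations}


# Constructed sample: (package, pinned version, suggested secure version)
SAMPLE = [
    ("pkg-a", "1.4.2", "1.4.7"),
    ("pkg-b", "2.0.1", "2.3.0"),
    ("pkg-c", "3.9.0", "4.1.0"),
]

if __name__ == "__main__":
    for limit, no_prompt in [("patch", False), ("minor", True), ("major", False)]:
        print(f"-asul {limit} no_prompt={no_prompt}:", plan(SAMPLE, limit, no_prompt))
```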