PyUp integrates deeply with GitHub.

PyUp Bot - Automatic Pull Requests

PyUp Bot integration opens pull requests on your repository when a new security vulnerability is discovered that is present in your system. The pull request will update the relevant Python dependencies to patch the security vulnerability. Optionally, PyUp Bot can also open pull requests to upgrade dependencies when new versions are available, ensuring you are using the most up-to-date versions of each dependency you rely on.

To get set up with PyUp Bot, head over to PyUp's repository dashboard where you need to grant PyUp permission to your GitHub repos, and then start adding and scanning your repos.

PyUp's Bot has a lot of configuration options, which you can read here.

You can read more about this pull request bot here.

Safety CI (deprecated)

Safety CI runs a security scan on any new code that gets added to your GitHub repository. For example, when new code is pushed to a branch or a pull request is created, Safety CI will run a security scan on that code. The results of the scan will be visible inside GitHub (seen as a test), and additional information and a history of your scans are viewable in PyUp's account dashboards.

You can read more about Safety CI installation and configurations.

While Safety CI is easy to set up, we recommend instead running Safety scans in a custom GitHub Action. This is a more comprehensive way to scan your dependencies because it can analyze your environment and catch recursive and transitive dependencies.

Read how to set up Safety security scans in GitHub actions Safety security scans in GitHub actions