Safety 2 (formerly PyUp)
  • Welcome to Safety 2
  • 2023 Rebrand from PyUp to Safety Cybersecurity
  • Safety 2.x Basics
    • Getting started with Safety 2.x
    • Running a Safety Scan
    • License Scanning
  • Safety CLI 2 Scanner
    • Installation & Quick Start - Safety 2
    • Docker Containers
    • Inputs
    • Output Formats
    • Policy File
    • Applying Security Updates to Requirements Files
    • Exit Codes
    • Help and Support
    • Safety v1 to v2 Breaking Changes
  • Securing Git SCM Pipelines
    • Securing Git Repositories
    • GitHub Actions
      • Advanced Options: GitHub Actions
    • BitBucket Pipelines
    • Gitlab Pipelines
    • GitHub Integration
    • Scanning Development Environments with Git Post-Commit Hook
  • Troubleshooting
    • Invalid API Key Error
Powered by GitBook
On this page
  1. Securing Git SCM Pipelines

Scanning Development Environments with Git Post-Commit Hook

Scanning your development environments

It's a best practice run your security scans as soon as possible in the development life-cycle - this is called shift left security.

Running PyUp security scans in your development environments is as simple as adding Safety's CLI scan to your git pre-commit hook files. This is a file that is executed before a git commit is run, and a failing command in this process will halt the commit itself, and warn the developer of the issue.

Adding Safety CLI to your git pre-commit hooks

To add Safety scans to your git pre-commit hooks, first find your git pre-commit hook file, located at .git/hooks/pre-commit.

If you haven't already set up a pre-commit hook it may still be named pre-commit.sample. In that case, rename it to pre-commit and that file will start running before your git commits.

Once you've got the file ready, add the following to the bottom of the file:

Shell

# Add Safety check
exec safety check --key <your_api_key>

And that's it. Now Safety will scan your development machine before any code is pushed to central source control systems.

PreviousGitHub IntegrationNextInvalid API Key Error

Last updated 1 year ago