Securing Git Repositories

Last updated 8 months ago

Existing Customers: Upgrade to Safety 3.0

Safety 3.0 is now available, providing system-wide scanning, unpinned package support, new SBOM and JSON output formats, and more.

Securing your git source control management system

The best place to start scanning your Python codebases for dependency vulnerabilities is somewhere central to your team, such as your build pipeline or your source control management system. A central scan is quick to set up, shows you which dependencies are actually present in your systems, and lets you secure them before they reach your production systems, all without configuring each developer's environment.

A quick intro to transitive dependencies

It's important to scan all the Python dependencies present in your systems, not just the ones listed in your requirements files. The packages that your listed dependencies pull in on their own are called transitive, recursive, or run-time dependencies, and they carry vulnerabilities just as direct dependencies do.

Scanning all of your dependencies in your SCM systems

Luckily, scanning your Python environments is really easy to do using our Safety command-line tool. Its default configuration is to scan the local environment where it is running. See our guides below to integrate Safety CLI into your SCM system:

Using GitHub Actions
Using Gitlab CI/CD Pipelines
Using BitBucket Pipelines
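To make the transitive-dependency point above concrete, and to show what "scan the local environment" means in practice, here is an added Python example that is not part of the original page or of the Safety tool itself. It reads a requirements file, snapshots the packages installed in the running interpreter, and separates the directly pinned packages from everything else that is installed (the transitive set a requirements-file-only scan would miss). The requirements text and the sample environment are constructed for the example; the `installed_distributions()` helper uses the standard library to read the real environment.

```python
import re
from importlib import metadata

# PEP 503 name normalisation, so "Django", "django" and "PyYAML"/"pyyaml"
# compare equal regardless of how a requirements file spells them.
def normalize(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()

# A requirement line starts with the project name; specifiers, extras and
# markers follow and are ignored here (we only need the name).
_REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def direct_requirements(requirements_text: str) -> set[str]:
    """Return the normalised names listed directly in a requirements file."""
    names = set()
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line or line.startswith("-"):  # skip blanks and options such as -r / --index-url
            continue
        m = _REQ_LINE.match(line)
        if m:
            names.add(normalize(m.group(1)))
    return names

def installed_distributions() -> dict[str, str]:
    """Snapshot of the running interpreter's environment: normalised name -> version."""
    snapshot = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name:  # skip malformed metadata rather than crash the scan
            snapshot[normalize(name)] = dist.version
    return snapshot

def split_direct_transitive(installed: dict[str, str], direct: set[str]):
    """Partition the installed set into (direct, transitive, missing).

    direct     - installed packages that the requirements file names
    transitive - installed packages the requirements file does NOT name
    missing    - required packages that are not installed at all
    """
    direct_found = {n: v for n, v in installed.items() if n in direct}
    transitive = {n: v for n, v in installed.items() if n not in direct}
    missing = direct - set(installed)
    return direct_found, transitive, missing

def freeze_lines(installed: dict[str, str]) -> list[str]:
    """pip-freeze style 'name==version' lines covering the whole environment."""
    return [f"{n}=={v}" for n, v in sorted(installed.items())]

# Constructed sample input: a small requirements file and the environment
# that installing it would plausibly produce (versions are illustrative).
SAMPLE_REQUIREMENTS = """\
requests==2.28.1
Django>=4.1   # web framework
-r dev-requirements.txt
"""
SAMPLE_ENV = {
    "requests": "2.28.1",
    "django": "4.1.7",
    # everything below was pulled in transitively
    "urllib3": "1.26.12",
    "certifi": "2022.9.24",
    "charset-normalizer": "2.1.1",
    "idna": "3.4",
    "sqlparse": "0.4.3",
    "asgiref": "3.5.2",
}

if __name__ == "__main__":
    direct = direct_requirements(SAMPLE_REQUIREMENTS)
    found, transitive, missing = split_direct_transitive(SAMPLE_ENV, direct)
    print(f"direct ({len(found)}):     {sorted(found)}")
    print(f"transitive ({len(transitive)}): {sorted(transitive)}")
    print(f"missing: {sorted(missing)}")
    print("\nfull environment, the set a scanner should actually check:")
    print("\n".join(freeze_lines(SAMPLE_ENV)))
```

On the constructed sample, two packages are direct and six are transitive; a scan fed only the requirements file would check two of the eight packages actually installed. Running `installed_distributions()` instead of `SAMPLE_ENV` gives the same split for a real virtualenv, which is why scanning the environment the build actually installed, rather than the file that requested it, is the default the page recommends.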