Installation and Configuration

Last updated 14 days ago

System Requirements

Before installing Safety Firewall, ensure your system meets the following requirements:

  • Operating Systems:

    • macOS 10.14 or later

    • Linux (Ubuntu, Debian, CentOS, RHEL)

    • Windows 10 or later

  • Python: Version 3.8 or later

Safety Firewall works with pip, uv, and poetry. We'll automatically detect and configure the package managers on your system.

Before You Begin

Create a Safety Account

If you don't already have a Safety account, sign up here.

Get Your Organization Ready

To use Safety Firewall, your organization must have the Firewall feature enabled. If you're unsure whether your organization has access, contact your Safety administrator or reach out to our support team.

If your Safety account was created before March 2025, the Firewall feature is disabled by default to ensure no breaking changes occur. To enable Firewall, please reach out to our support team.

1. Installation

1.1 Install Safety CLI

Open your terminal and run the following command:

pip install safety

Or, if you use uv:

uv tool install safety

If you already have Safety installed, please use pip install -U safety. The minimum version required to run Safety Firewall is v3.5.0.

1.2 Authenticate with Safety

Run the authentication command:

safety auth login

This will open a browser window where you can log in to your Safety account. Once authenticated, your terminal will show a success message.

1.3 Verify Authentication Status

You can check your authentication status at any time with:

safety auth status

This should display your email address and confirm that you're authenticated.

Make sure you're authenticated before proceeding to the next step. If you're not authenticated or don't have the Firewall feature enabled, the safety init command will not be available.

2. Initialization of Safety Firewall

After installing the Safety CLI and authenticating your account, you can initialize Safety Firewall with a single command:

safety init

This command starts the interactive setup process for Safety Firewall.

What Happens During Initialization

When you run safety init, the following actions take place:

  1. Safety checks if you're authenticated and asks if you want to set up Safety Firewall.

  2. Safety identifies the package managers on your system (pip, poetry, etc.).

  3. Safety configures secure aliases for each package manager.

  4. Safety detects if there is a codebase in your current directory.

  5. Safety offers to set up this codebase for ongoing protection.

IMPORTANT: After initialization, you'll need to refresh your shell environment for the aliases to take effect. This is typically done by running source ~/.safety/.safety_profile or the equivalent for your shell.

3. Verifying Firewall Installation

After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases. Use the command that matches your shell:

which pip

where pip

gcm pip

You should see output similar to:

pip: aliased to safety pip

If you don't see this output, your shell environment may need to be reloaded.

Understanding Safety Firewall Configuration

Package Manager Aliasing

Safety Firewall works by creating aliases for your package managers. When you run a command like pip install requests, the alias intercepts the command and routes it through Safety Firewall, which:

  1. Analyzes the requested package(s) for vulnerabilities and malicious code

  2. Applies your organization's security policies

  3. Either warns, blocks, or allows the installation

  4. Records the installation event in the Safety Platform
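
Because the protection depends on the alias being present in the shell you actually install from, it is worth checking every manager, not just pip. The following is an added example, not part of Safety's documentation or tooling: it queries the shell's own alias table, which also works in bash, where `which` is usually an external program that cannot see aliases. It assumes uv and poetry are aliased in the same `safety <manager>` form the page shows for pip; the function names are hypothetical.

```shell
# Added example (not Safety's own tooling). Source this into the shell you
# install packages from: aliases are per-shell and not inherited by scripts.

# Print the alias text for $1; fail if $1 is not an alias.
# bash prints "alias pip='safety pip'", dash/zsh print "pip='safety pip'".
alias_value() {
    _line=$(alias "$1" 2>/dev/null) || return 1
    _q="'"
    _val=${_line#*=}                       # drop "alias pip=" / "pip="
    _val=${_val#"$_q"}; _val=${_val%"$_q"} # strip the surrounding quotes
    printf '%s\n' "$_val"
}

# Classify one package manager:
#   protected   - aliased to "safety <pm>" (assumed form, as shown for pip)
#   foreign     - aliased to something else
#   unprotected - installed, but no alias in this shell
#   absent      - not installed and not aliased
firewall_status() {
    if _v=$(alias_value "$1"); then
        case $_v in
            "safety $1"|"safety $1 "*) echo protected ;;
            *) echo foreign ;;
        esac
    elif command -v "$1" >/dev/null 2>&1; then
        echo unprotected
    else
        echo absent
    fi
}

# Report on the managers the page lists (or those given as arguments).
# Returns non-zero if any installed manager is not routed through safety.
firewall_report() {
    [ $# -gt 0 ] || set -- pip uv poetry
    _rc=0
    for _pm in "$@"; do
        _s=$(firewall_status "$_pm")
        printf '%-7s %s\n' "$_pm" "$_s"
        case $_s in protected|absent) ;; *) _rc=1 ;; esac
    done
    return "$_rc"
}
```

After sourcing the functions, run firewall_report; any line marked unprotected or foreign means installs with that manager in this shell are not passing through Safety Firewall.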

Configuration Files

Safety Firewall creates several configuration files on your system:

  • ~/.safety/: The main directory for Safety Firewall configuration

  • ~/.safety/config.toml: Global configuration file

  • .safety-project.ini: Project-specific configuration (created in each codebase directory)

Most users won't need to manually edit these files. Configuration changes are typically made through the Safety CLI or Safety Platform.

Configuring Your First Codebase

During initialization, Safety may detect a requirements file or Python project in your current directory and offer to configure it as a codebase. If you accept, Safety will:

  1. Create a .safety-project.ini file in the directory

  2. Perform an initial scan of the project's dependencies

  3. Upload the scan results to the Safety Platform

  4. Configure the directory for ongoing monitoring

Manual Codebase Configuration

If you want to set up a codebase after initialization, navigate to the project directory and run:

safety codebases init

Follow the prompts to name the codebase and set up initial scanning.

A "codebase" in Safety refers to a project that is tracked and monitored by the Safety Platform. When a codebase is configured, any package installations or removals within that directory will automatically trigger scans and update the project's security status in the Safety Platform.

Configuration Options

Supported Package Managers

Safety Firewall currently supports the following package managers:

  • pip: Fully supported

  • poetry: Fully supported

  • uv: Fully supported

Additional package managers will be added in future updates.
