Installation and Configuration
System Requirements
Before installing Safety Firewall, ensure your system meets the following requirements:
Operating Systems:
macOS 10.14 or later
Linux (Ubuntu, Debian, CentOS, RHEL)
Windows 10 or later
Python: Version 3.8 or later
Safety Firewall works with pip, uv, and poetry. We'll automatically detect and configure the package managers on your system.
Before You Begin
Create a Safety Account
If you don't already have a Safety account, sign up here.
Get Your Organization Ready
To use Safety Firewall, your organization must have the Firewall feature enabled. If you're unsure whether your organization has access, contact your Safety administrator or reach out to our support team.
1. Installation
1.1 Install Safety CLI
Open your terminal and run the following command:
pip install safety

1.2 Authenticate with Safety
Run the authentication command:
safety auth login
This will open a browser window where you can log in to your Safety account. Once authenticated, your terminal will show a success message.

1.3 Verify Authentication Status
You can check your authentication status at any time with:
safety auth status
This should display your email address and confirm that you're authenticated.
Make sure you're authenticated before proceeding to the next step. If you're not authenticated or don't have the Firewall feature enabled, the safety init
command will not be available.
2. Initialization of Safety Firewall
After installing the Safety CLI and authenticating your account, you can initialize Safety Firewall with a single command:
safety init
This command starts the interactive setup process for Safety Firewall.
What Happens During Initialization
When you run safety init
, the following actions take place:
Safety checks if you're authenticated and asks if you want to setup Safety Firewall.
Safety identifies the package managers on your system (pip, poetry, etc.)
Safety configures secure aliases for each package manager
Safety detects if there is a codebase in your current directory
Safety offers to set up this codebase for ongoing protection
IMPORTANT: After initialization, you'll need to refresh your shell environment for the aliases to take effect. This is typically done by running source ~/.safety/.safety_profile
or the equivalent for your shell.

3. Verifying Firewall Installation
After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:
After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:
which pip
You should see output similar to:
pip: aliased to safety pip
If you don't see this output, your shell environment may need to be reloaded.
Understanding Safety Firewall Configuration
Package Manager Aliasing
Safety Firewall works by creating aliases for your package managers. When you run a command like pip install requests
, the alias intercepts the command and routes it through Safety Firewall, which:
Analyzes the requested package(s) for vulnerabilities and malicious code
Applies your organization's security policies
Either warns, blocks, or allows the installation
Records the installation event in the Safety Platform
Configuration Files
Safety Firewall creates several configuration files on your system:
~/.safety/
: The main directory for Safety Firewall configuration~/.safety/config.toml
: Global configuration file.safety-project.ini
: Project-specific configuration (created in each code base directory)
Configuring Your First Codebase
During initialization, Safety may detect a requirements file or Python project in your current directory and offer to configure it as a code base. If you accept, Safety will:
Create a
.safety-project.ini
file in the directoryPerform an initial scan of the project's dependencies
Upload the scan results to the Safety Platform
Configure the directory for ongoing monitoring
Manual Codebase Configuration
If you want to set up a codebase after initialization, navigate to the project directory and run:
safety codebases init
Follow the prompts to name the code base and set up initial scanning.
Configuration Options
Supported Package Managers
Safety Firewall currently supports the following package managers:
pip: Fully supported
poetry: Fully supported
UV: Fully supported
Additional package managers will be added in future updates.
Last updated
Was this helpful?