Installation and Configuration
Last updated
Was this helpful?
Last updated
Was this helpful?
Before installing Safety Firewall, ensure your system meets the following requirements:
Operating Systems:
macOS 10.14 or later
Linux (Ubuntu, Debian, CentOS, RHEL)
Windows 10 or later
Python: Version 3.8 or later
Safety Firewall works with pip, uv, and poetry. We'll automatically detect and configure the package managers on your system.
If you don't already have a Safety account, .
To use Safety Firewall, your organization must have the Firewall feature enabled. If you're unsure whether your organization has access, contact your Safety administrator or .
Open your terminal and run the following command:
Run the authentication command:
This will open a browser window where you can log in to your Safety account. Once authenticated, your terminal will show a success message.
You can check your authentication status at any time with:
This should display your email address and confirm that you're authenticated.
Make sure you're authenticated before proceeding to the next step. If you're not authenticated or don't have the Firewall feature enabled, the safety init
command will not be available.
After installing the Safety CLI and authenticating your account, you can initialize Safety Firewall with a single command:
This command starts the interactive setup process for Safety Firewall.
When you run safety init
, the following actions take place:
Safety checks if you're authenticated and asks if you want to setup Safety Firewall.
Safety identifies the package managers on your system (pip, poetry, etc.)
Safety configures secure aliases for each package manager
Safety detects if there is a codebase in your current directory
Safety offers to set up this codebase for ongoing protection
IMPORTANT: After initialization, you'll need to refresh your shell environment for the aliases to take effect. This is typically done by running source ~/.safety/.safety_profile
or the equivalent for your shell.
After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:
After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:
You should see output similar to:
If you don't see this output, your shell environment may need to be reloaded.
Safety Firewall works by creating aliases for your package managers. When you run a command like pip install requests
, the alias intercepts the command and routes it through Safety Firewall, which:
Analyzes the requested package(s) for vulnerabilities and malicious code
Applies your organization's security policies
Either warns, blocks, or allows the installation
Records the installation event in the Safety Platform
Safety Firewall creates several configuration files on your system:
~/.safety/
: The main directory for Safety Firewall configuration
~/.safety/config.toml
: Global configuration file
.safety-project.ini
: Project-specific configuration (created in each code base directory)
During initialization, Safety may detect a requirements file or Python project in your current directory and offer to configure it as a code base. If you accept, Safety will:
Create a .safety-project.ini
file in the directory
Perform an initial scan of the project's dependencies
Upload the scan results to the Safety Platform
Configure the directory for ongoing monitoring
If you want to set up a codebase after initialization, navigate to the project directory and run:
Follow the prompts to name the code base and set up initial scanning.
Safety Firewall currently supports the following package managers:
pip: Fully supported
poetry: Fully supported
UV: Fully supported
Additional package managers will be added in future updates.