Using Firewall
This guide covers the everyday experience of working with Safety Firewall, including how package installations work, viewing scan results, and understanding warning messages.
Using Aliased Package Managers
After installing Safety Firewall, your package managers (like pip) are aliased to their Safety equivalents. This means every time you use a package manager, Safety Firewall automatically intercepts and analyzes the request.
Verifying Alias Configuration
To check if your aliases are properly configured, run:
After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:
You should see output similar to:
If you don't see this output, you may need to reload your shell configuration:
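A way to script the alias check from this section, as an added example that is not part of the Safety documentation. The function names are hypothetical, and the wrapper command passed as the second argument is an assumption, because the page does not show the exact alias text. Aliases belong to the running shell, so source the file into your interactive session instead of executing it as a separate script.

```shell
# Added example: report whether a command name is an alias in the current
# shell and whether that alias expands to an expected wrapper command.
# Assumption: the caller supplies the wrapper name; it is not taken from the page.

# alias_target NAME
# Prints the alias expansion for NAME; returns 1 if NAME is not an alias.
alias_target() {
    _def=$(alias "$1" 2>/dev/null) || return 1
    # bash prints "alias NAME='VALUE'", POSIX sh prints "NAME='VALUE'"
    _def=${_def#alias }
    _def=${_def#"$1"=}
    # Strip one pair of surrounding single quotes, if present
    _def=${_def#\'}
    _def=${_def%\'}
    printf '%s\n' "$_def"
}

# check_wrapped NAME WRAPPER
# Returns 0 if NAME is aliased to a command line that starts with WRAPPER,
# 1 if NAME is not aliased at all, 2 if it is aliased to something else.
check_wrapped() {
    _target=$(alias_target "$1") || {
        echo "$1: not aliased in this shell"
        return 1
    }
    case $_target in
        "$2"|"$2 "*)
            echo "$1: aliased to '$_target'"
            return 0
            ;;
        *)
            echo "$1: aliased to '$_target', expected it to start with '$2'"
            return 2
            ;;
    esac
}

# Usage after sourcing this file in an interactive shell:
#   check_wrapped pip <wrapper-command>
```

A return code of 2 means the name is aliased, but to something other than the wrapper you expected, for example an older personal alias in your shell profile.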
Installing Packages
Basic Package Installation
Install packages as you normally would:
Safety Firewall will:
Intercept the request
Analyze the package and its dependencies
Apply your organization's policies
Either warn, block, or allow the installation
Record the installation event in Safety Platform
Installing from Requirements Files
When installing from requirements files:
Safety Firewall will analyze all packages specified in the file before installation.
Understanding Warning Messages
Vulnerability Warnings
When installing packages with known vulnerabilities, you may see warnings like:
These warnings are displayed based on your organization's policies.
Policy-Based Blocks
If a package violates a blocking policy, you'll see a message like:
IMPORTANT: Blocked installations are recorded in Safety Platform for audit purposes. If a legitimate package is blocked, contact your organization's Safety administrator.
Performance Considerations
Installation Speed
Package installations through Safety Firewall may be slightly slower than direct installations. This is because Safety Firewall downloads the package before delivering it to your system.
Working with Codebases
Automatic Scans
When working in a registered codebase, Safety Firewall automatically scans your dependencies whenever you:
Install packages with pip install
Remove packages with pip uninstall
Update your requirements with pip install -r requirements.txt
These scans happen in the background and results are uploaded to Safety Platform.
Manual Scans
You can still perform manual scans at any time:
This is useful when you want to check the current security status of your project.
Viewing Results in Safety Platform
Installation Activity
All package installations across your organization appear in the "Firewall" section of Safety Platform. Here you can:
See who installed what packages and when
Filter by user, package, or date
View detailed information about each installation event
Codebase Security Status
The "Codebases" section of Safety Platform shows:
Current vulnerability counts for each codebase
Recent scan activity
Package installation history