circle-check
Safety v3.7.0 is now available. Upgrade using "pip install -U safety" or "uv tool install safety==3.7.0"
Safety Firewallarrow-up-right
search
Safety PlatformResearchSign Up

display-codeUsing Firewall

This guide covers the everyday experience of working with Safety Firewall, including how package installations work, viewing scan results, and understanding warning messages.

hashtag
Using Aliased Package Managers

After installing Safety Firewall, your package managers (like pip) are aliased to their Safety equivalents. This means every time you use a package manager, Safety Firewall automatically intercepts and analyzes the request.

hashtag
Verifying Alias Configuration

After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:

After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:

which pip

You should see output similar to:

pip: aliased to safety pip

If you don't see this output, you may need to reload your shell configuration:

source ~/.profile  # or ~/.bashrc, ~/.zshrc, etc.

hashtag
Installing Packages

hashtag
Basic Package Installation

Install packages as you normally would:

Safety Firewall will:

  1. Intercept the request

  2. Analyze the package and its dependencies

  3. Apply your organization's policies

  4. Either warn, block, or allow the installation

  5. Record the installation event in Safety Platform

hashtag
Installing from Requirements Files

When installing from requirements files:

Safety Firewall will analyze all packages specified in the file before installation.

circle-info

When working within a registered codebase, Safety Firewall automatically updates your requirements files to use Safety's secure package index.

hashtag
Understanding Warning Messages

hashtag
Vulnerability Warnings

When installing packages with known vulnerabilities, you may see warnings like:

These warnings are displayed based on your organization's policies.

hashtag
Policy-Based Blocks

If a package violates a blocking policy, you'll see a message like:

circle-exclamation

IMPORTANT: Blocked installations are recorded in Safety Platform for audit purposes. If a legitimate package is blocked, contact your organization's Safety administrator.

hashtag
Performance Considerations

hashtag
Installation Speed

Package installations through Safety Firewall may be slightly slower than direct installations. This is because Safety Firewall downloads the package before delivering it to your system.

circle-info

The slight increase in installation time is offset by the security benefits of preventing vulnerable or malicious packages from entering your system.

hashtag
Working with Codebases

hashtag
Automatic Scans

When working in a registered codebase, Safety Firewall automatically scans your dependencies whenever you:

  • Install packages with pip install

  • Remove packages with pip uninstall

  • Update your requirements with pip install -r requirements.txt

These scans happen in the background and results are uploaded to Safety Platform.

hashtag
Manual Scans

You can still perform manual scans at any time:

This is useful when you want to check the current security status of your project.

hashtag
Viewing Results in Safety Platform

hashtag
Installation Activity

All package installations across your organization appear in the "Firewall" section of Safety Platform. Here you can:

  • See who installed what packages and when

  • Filter by user, package, or date

  • View detailed information about each installation event

hashtag
Codebase Security Status

The "Codebases" section of Safety Platform shows:

  • Current vulnerability counts for each codebase

  • Recent scan activity

  • Package installation history

PreviousUsing Safety Firewall in DockerNextWorking with Codebases

Last updated

Was this helpful?