Using Firewall

This guide covers the everyday experience of working with Safety Firewall, including how package installations work, viewing scan results, and understanding warning messages.

Using Aliased Package Managers

After installing Safety Firewall, your package managers (like pip) are aliased to their Safety equivalents. This means every time you use a package manager, Safety Firewall automatically intercepts and analyzes the request.

Verifying Alias Configuration

To check if your aliases are properly configured, run:

After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:

which pip

You should see output similar to:

pip: aliased to safety pip

If you don't see this output, you may need to reload your shell configuration:

source ~/.profile  # or ~/.bashrc, ~/.zshrc, etc.

After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:

where pip

You should see output similar to:

pip: aliased to safety pip

If you don't see this output, your shell environment may need to be reloaded.

After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:

gcm pip

You should see output similar to:

pip: aliased to safety pip

If you don't see this output, your shell environment may need to be reloaded.

Installing Packages

Basic Package Installation

Install packages as you normally would:

pip install requests

Safety Firewall will:

Intercept the request
Analyze the package and its dependencies
Apply your organization's policies
Either warn, block, or allow the installation
Record the installation event in Safety Platform

Installing from Requirements Files

When installing from requirements files:

pip install -r requirements.txt

Safety Firewall will analyze all packages specified in the file before installation.

When working within a registered codebase, Safety Firewall automatically updates your requirements files to use Safety's secure package index.

Understanding Warning Messages

Vulnerability Warnings

When installing packages with known vulnerabilities, you may see warnings like:

Warning: Package "django==3.2.0" has known vulnerabilities (CVE-2023-xxxx).See https://platform.safetycli.com/vulnerabilities/CVE-2023-xxxx for details.

These warnings are displayed based on your organization's policies.

Policy-Based Blocks

If a package violates a blocking policy, you'll see a message like:

Blocked: Package "malicious-package" is known to be malicious.For more information, visit https://platform.safetycli.com/packages/malicious-package

IMPORTANT: Blocked installations are recorded in Safety Platform for audit purposes. If a legitimate package is blocked, contact your organization's Safety administrator.

Performance Considerations

Installation Speed

Package installations through Safety Firewall may be slightly slower than direct installations. This is because Safety Firewall downloads the package before delivering it to your system.

The slight increase in installation time is offset by the security benefits of preventing vulnerable or malicious packages from entering your system.

Working with Codebases

Automatic Scans

When working in a registered codebase, Safety Firewall automatically scans your dependencies whenever you:

Install packages with pip install
Remove packages with pip uninstall
Update your requirements with pip install -r requirements.txt

These scans happen in the background and results are uploaded to Safety Platform.

Manual Scans

You can still perform manual scans at any time:

safety scan

This is useful when you want to check the current security status of your project.

Viewing Results in Safety Platform

Installation Activity

All package installations across your organization appear in the "Firewall" section of Safety Platform. Here you can:

See who installed what packages and when
Filter by user, package, or date
View detailed information about each installation event

Codebase Security Status

The "Codebases" section of Safety Platform shows:

Current vulnerability counts for each codebase
Recent scan activity
Package installation history

PreviousUninstalling Firewall NextWorking with Codebases

Last updated 7 days ago

Was this helpful?

Using Firewall

This guide covers the everyday experience of working with Safety Firewall, including how package installations work, viewing scan results, and understanding warning messages.

Using Aliased Package Managers

Verifying Alias Configuration

To check if your aliases are properly configured, run:

After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:

which pip

You should see output similar to:

pip: aliased to safety pip

If you don't see this output, you may need to reload your shell configuration:

source ~/.profile  # or ~/.bashrc, ~/.zshrc, etc.

After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:

where pip

You should see output similar to:

pip: aliased to safety pip

If you don't see this output, your shell environment may need to be reloaded.

After initialization, you can verify that Safety Firewall is correctly installed by checking your package manager aliases:

gcm pip

You should see output similar to:

pip: aliased to safety pip

If you don't see this output, your shell environment may need to be reloaded.

Installing Packages

Basic Package Installation

Install packages as you normally would:

pip install requests

Safety Firewall will:

Intercept the request
Analyze the package and its dependencies
Apply your organization's policies
Either warn, block, or allow the installation
Record the installation event in Safety Platform

Installing from Requirements Files

When installing from requirements files:

pip install -r requirements.txt

Safety Firewall will analyze all packages specified in the file before installation.

When working within a registered codebase, Safety Firewall automatically updates your requirements files to use Safety's secure package index.

Understanding Warning Messages

Vulnerability Warnings

When installing packages with known vulnerabilities, you may see warnings like:

Warning: Package "django==3.2.0" has known vulnerabilities (CVE-2023-xxxx).See https://platform.safetycli.com/vulnerabilities/CVE-2023-xxxx for details.

These warnings are displayed based on your organization's policies.

Policy-Based Blocks

If a package violates a blocking policy, you'll see a message like:

Blocked: Package "malicious-package" is known to be malicious.For more information, visit https://platform.safetycli.com/packages/malicious-package

IMPORTANT: Blocked installations are recorded in Safety Platform for audit purposes. If a legitimate package is blocked, contact your organization's Safety administrator.

Performance Considerations

Installation Speed

Package installations through Safety Firewall may be slightly slower than direct installations. This is because Safety Firewall downloads the package before delivering it to your system.

The slight increase in installation time is offset by the security benefits of preventing vulnerable or malicious packages from entering your system.

Working with Codebases

Automatic Scans

When working in a registered codebase, Safety Firewall automatically scans your dependencies whenever you:

Install packages with pip install
Remove packages with pip uninstall
Update your requirements with pip install -r requirements.txt

These scans happen in the background and results are uploaded to Safety Platform.

Manual Scans

You can still perform manual scans at any time:

safety scan

This is useful when you want to check the current security status of your project.

Viewing Results in Safety Platform

Installation Activity

All package installations across your organization appear in the "Firewall" section of Safety Platform. Here you can:

See who installed what packages and when
Filter by user, package, or date
View detailed information about each installation event

Codebase Security Status

The "Codebases" section of Safety Platform shows:

Current vulnerability counts for each codebase
Recent scan activity
Package installation history

PreviousUninstalling Firewall NextWorking with Codebases

Last updated 7 days ago

Was this helpful?