© Safety CLI Cybersecurity Inc.

Using Firewall

This guide covers the everyday experience of working with Safety Firewall, including how package installations work, viewing scan results, and understanding warning messages.

Using Aliased Package Managers

After installing Safety Firewall, your package managers (like pip) are aliased to their Safety equivalents, so that pip resolves to "safety pip". Every time you run the package manager through that alias, Safety Firewall intercepts and analyzes the request. Because the interception is a shell alias, it applies only to commands typed into a shell that has loaded the alias: invoking pip by absolute path, with a leading backslash (\pip), as "python -m pip", or from a script or CI job that does not source your profile runs the real pip directly.

Verifying Alias Configuration

To check that your aliases are properly configured, run the command for your shell.

macOS and Linux (zsh):

which pip

Windows Command Prompt:

where pip

Windows PowerShell:

gcm pip

You should see output similar to:

pip: aliased to safety pip

The exact wording depends on the shell; what matters is that pip resolves to "safety pip" rather than to a pip executable on your PATH. Note that in bash, "which" is an external program that only searches PATH and never reports aliases, so on bash use "type pip" or "alias pip" instead.

If you don't see this output, reload your shell configuration or open a new terminal:

source ~/.profile  # or ~/.bashrc, ~/.zshrc, etc.
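The following is an added example, not code from Safety's documentation or from the safety package. It is a small POSIX sh script that classifies the one-line report from "type pip" (or zsh's "which pip" / "alias pip") as aliased, direct, or missing, and lets a wrapper script refuse to continue unless pip is routed through "safety pip". The alias wording it matches is the one shown on this page plus the standard report formats of bash, zsh and dash; the function names and the --check flag are this example's own.

```shell
#!/bin/sh
# Added example, not code from Safety's documentation or the safety package.
# Classifies how "pip" resolves in the current shell and refuses to continue
# unless pip is routed through "safety pip". The alias text matched is the one
# shown on the page plus the usual `type`/`alias` formats; everything else is
# an assumption of this example.

# Turn the one-line report from `type pip`, zsh's `which pip` or `alias pip`
# into one of three verdicts: aliased, direct, missing.
classify_pip_resolution() {
    case "$1" in
        *"aliased to "*"safety pip"*)   echo aliased ;;  # zsh which / bash type
        *"is an alias for safety pip"*) echo aliased ;;  # zsh or dash type
        *"pip='safety pip'"*)           echo aliased ;;  # bash/zsh alias output
        ""|*"not found"*)               echo missing ;;  # no pip on PATH at all
        *)                              echo direct ;;   # real pip: Firewall bypassed
    esac
}

# Report how the calling shell resolves pip. `type` is a POSIX builtin and,
# unlike the external /usr/bin/which that bash runs, it sees aliases.
pip_resolution_report() {
    type pip 2>&1
}

# Return non-zero unless pip goes through Safety Firewall. Even when this
# passes, an alias is skipped by `\pip`, `command pip`, `/usr/bin/pip`,
# `python -m pip`, and any script or CI job started without sourcing the
# profile that defines the alias.
require_firewall_pip() {
    verdict=$(classify_pip_resolution "$(pip_resolution_report)")
    case "$verdict" in
        aliased) return 0 ;;
        direct)
            echo "pip is not aliased to 'safety pip'; installs would bypass Safety Firewall" >&2
            return 1 ;;
        *)
            echo "pip was not found on PATH" >&2
            return 1 ;;
    esac
}

# Run the check only when invoked as a script with --check, so that sourcing
# this file just defines the functions for use in other scripts.
case "${1:-}" in
    --check) require_firewall_pip || exit 1 ;;
esac
```

Run it as "sh check_firewall.sh --check" from the shell you normally install packages in; a non-zero exit means that shell's pip would not be intercepted.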

Installing Packages

Basic Package Installation

Install packages as you normally would:

pip install requests

Safety Firewall will:

  1. Intercept the request

  2. Analyze the package and its dependencies

  3. Apply your organization's policies

  4. Either warn, block, or allow the installation

  5. Record the installation event in Safety Platform

Installing from Requirements Files

When installing from requirements files:

pip install -r requirements.txt

Safety Firewall will analyze all packages specified in the file before installation.

When working within a registered codebase, Safety Firewall automatically updates your requirements files to use Safety's secure package index.

Understanding Warning Messages

Vulnerability Warnings

When installing packages with known vulnerabilities, you may see warnings like:

Warning: Package "django==3.2.0" has known vulnerabilities (CVE-2023-xxxx).
See https://platform.safetycli.com/vulnerabilities/CVE-2023-xxxx for details.

These warnings are displayed based on your organization's policies.

Policy-Based Blocks

If a package violates a blocking policy, you'll see a message like:

Blocked: Package "malicious-package" is known to be malicious.
For more information, visit https://platform.safetycli.com/packages/malicious-package

IMPORTANT: Blocked installations are recorded in Safety Platform for audit purposes. If a legitimate package is blocked, contact your organization's Safety administrator.
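The following is an added example, not code from Safety's documentation or from the safety package. It covers both the installation flow above and the two message formats in this section: it pulls Safety Firewall's "Warning:" and "Blocked:" lines out of a pip install transcript so that a CI job or a local wrapper can fail on a block and count warnings instead of relying on someone reading the terminal. The message formats are the two shown on this page; the surrounding pip lines in the sample transcript are constructed, and the gate's assumption that it should not depend on the alias's exit code is this example's own, since the page does not document that exit code.

```shell
#!/bin/sh
# Added example, not code from Safety's documentation or the safety package.
# Extracts Firewall verdict lines from a pip install transcript and gates an
# install on the absence of "Blocked:" lines.

# Constructed transcript: two ordinary pip lines around the page's two
# Firewall messages (the CVE id is the page's own placeholder).
SAMPLE_LOG='Collecting requests
Warning: Package "django==3.2.0" has known vulnerabilities (CVE-2023-xxxx).
See https://platform.safetycli.com/vulnerabilities/CVE-2023-xxxx for details.
Blocked: Package "malicious-package" is known to be malicious.
For more information, visit https://platform.safetycli.com/packages/malicious-package
Successfully installed requests-2.31.0'

# Read a transcript on stdin and emit one "<verdict> <package>" line per
# Firewall message: warn for vulnerability warnings, block for policy blocks.
firewall_verdicts() {
    sed -n \
        -e 's/^Warning: Package "\([^"]*\)".*$/warn \1/p' \
        -e 's/^Blocked: Package "\([^"]*\)".*$/block \1/p'
}

# Count the verdicts of one kind (warn or block) in a transcript on stdin.
# grep -c prints 0 but exits 1 when nothing matches, hence the "|| true".
count_verdict() {
    firewall_verdicts | grep -c "^$1 " || true
}

# Install through "safety pip" (what the alias expands to on this page), keep
# the full transcript, and fail when Firewall blocked anything, regardless of
# the command's own exit status (assumption: that exit code is not documented
# here, so the gate does not rely on it). Usage: gate_install requests
gate_install() {
    log=$(mktemp) || return 1
    safety pip install "$@" 2>&1 | tee "$log"
    blocked=$(count_verdict block < "$log")
    warned=$(count_verdict warn < "$log")
    rm -f "$log"
    echo "firewall summary: $blocked blocked, $warned warned" >&2
    [ "$blocked" -eq 0 ]
}

# Stand-alone demo on the constructed transcript.
printf '%s\n' "$SAMPLE_LOG" | firewall_verdicts
```

The demo prints "warn django==3.2.0" and "block malicious-package" for the sample transcript; in a pipeline, call gate_install with the packages (or "-r requirements.txt") you would normally pass to pip install.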

Performance Considerations

Installation Speed

Package installations through Safety Firewall may be slightly slower than direct installations. This is because Safety Firewall downloads and analyzes each package and its dependencies before delivering it to your system.

The slight increase in installation time is offset by the security benefits of preventing vulnerable or malicious packages from entering your system.

Working with Codebases

Automatic Scans

When working in a registered codebase, Safety Firewall automatically scans your dependencies whenever you:

  • Install packages with pip install

  • Remove packages with pip uninstall

  • Update your requirements with pip install -r requirements.txt

These scans happen in the background and results are uploaded to Safety Platform.

Manual Scans

You can still perform manual scans at any time:

safety scan

This is useful when you want to check the current security status of your project.

Viewing Results in Safety Platform

Installation Activity

All package installations across your organization appear in the "Firewall" section of Safety Platform. Here you can:

  • See who installed what packages and when

  • Filter by user, package, or date

  • View detailed information about each installation event

Codebase Security Status

The "Codebases" section of Safety Platform shows:

  • Current vulnerability counts for each codebase

  • Recent scan activity

  • Package installation history


Last updated 16 days ago
