Working with Codebases

This guide explains how Safety Firewall interacts with your codebases and how to manage your projects efficiently.

What is a Codebase in Safety?

A "codebase" in Safety refers to a project directory that is registered with Safety for vulnerability scanning and protection. When a directory is configured as a codebase:

Its dependencies are automatically scanned for vulnerabilities
Installation activities within that directory are tracked and monitored
Scan results and package installations are reported to Safety Platform
Organization policies are applied to package installations in that directory

Setting Up a Codebase

During Initialization

When you run safety init, Safety automatically detects Python projects in your current directory and offers to configure them as codebases.

Manual Configuration

To manually set up a directory as a codebase, navigate to the project directory and run:

safety codebase init

Follow the prompts to name the codebase and configure it.

What Happens When You Set Up a Codebase

When you configure a codebase, Safety:

Creates a .safety-project.ini file in the directory
Performs an initial scan of the project's dependencies
Uploads the scan results to the Safety Platform
Configures the directory for ongoing monitoring

The name you choose for your codebase will be displayed in the Safety Platform, so choose something descriptive that helps you identify the project.

Automatic Scanning

One of the key benefits of Safety Firewall is automatic dependency scanning:

When Packages Are Installed or Removed

When you run commands like pip install -r requirements.txt or pip uninstall package-name within a configured codebase:

Safety Firewall intercepts the command
After the installation/removal completes, a scan is automatically triggered
Scan results are uploaded to Safety Platform
The codebase's security status is updated

This means you don't need to run safety scan manually after changing dependencies.

Safety automatically updates your requirements files or pyproject.toml to use the Safety package index. This ensures that all package installations are routed through Safety Firewall.

Manual Scanning

You can still perform manual scans at any time:

safety scan

This will scan the current directory's dependencies and update the results in the Safety Platform.

Viewing Codebase Information

In Safety Platform

Your codebases appear in the "Codebases" section of the Safety Platform, where you can:

View vulnerability counts and security status
See detailed scan results for each codebase
Track package installation history
Manage codebase-specific policies

Working with Unregistered Projects

If you install packages in a directory that isn't configured as a codebase:

Safety Firewall still protects you by analyzing packages before installation
Warnings or blocks are applied based on your organization's policies
Installation events are still recorded in the Safety Platform
However, scan results are not automatically uploaded to Platform

IMPORTANT: Even if a directory isn't registered as a codebase, Safety Firewall still provides protection against vulnerable and malicious packages. The main difference is that scan results aren't automatically tracked in the Safety Platform.

Managing Codebase Policies

Each codebase can have specific policies that override organization-level policies:

Click "Codebase Settings"
Go to the "Policies" tab
Configure codebase-specific policies

If you have a local .safety-project.yml then your local .safety-policy.yml will no longer take effect. Instead, Safety will use the policy defined for the project in the Safety Platform.

PreviousUsing Firewall NextFirewall Monitoring and Management

Last updated 16 days ago

Was this helpful?