Scanning for Vulnerable and Malicious Packages
Scan and secure projects against dependency vulnerabilities.
Scanning a Python project
Once Safety CLI is installed and you have authenticated, let's scan a Python project.
In your terminal, navigate to the root folder of a Python project, e.g. cd /my/project/. (This root folder would normally contain files such as composer.lock, requirements.txt, READMEs, Pipfile.lock, pyproject.toml, .gitignores, etc.)
Once you have navigated your terminal to your Python project's root directory, run:
safety scan
Running safety scan will:
Scan your Python project's entire directory for Python package files and Python virtual environments, indexing all the packages found.
Conduct a security analysis of these packages against known security vulnerabilities and malicious package lists.
Identify known vulnerabilities in these packages, including their location and version.
Provide fix recommendations.
Once complete, your terminal will show a summary of the vulnerable packages that were found and recommended actions.
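Because safety scan indexes the directory it is started from, a scan launched from a subfolder can miss package files elsewhere in the project. The wrapper below is an added example (not part of the Safety CLI documentation) that walks upward to the nearest folder containing one of the manifest files listed above and runs safety scan there; the marker set and the extra exit codes 2 and 3 are this example's own assumptions.

```shell
#!/bin/sh
# Added example: find the Python project root, then run `safety scan` from it.
# MARKERS is an assumed subset of the manifest files a project root normally holds.
MARKERS="requirements.txt Pipfile.lock pyproject.toml"

# find_project_root DIR: print DIR or its nearest ancestor that contains one of
# the marker files; return 1 if none is found before reaching /.
find_project_root() {
    dir=$(cd "$1" 2>/dev/null && pwd) || return 1
    while :; do
        for m in $MARKERS; do
            if [ -f "$dir/$m" ]; then
                printf '%s\n' "$dir"
                return 0
            fi
        done
        [ "$dir" = "/" ] && return 1
        dir=$(dirname "$dir")
    done
}

# scan_project DIR: run `safety scan` from the detected project root.
# Passes safety's own exit status through so a CI job fails on findings;
# returns 2 when no project root is found and 3 when safety is not installed.
scan_project() {
    root=$(find_project_root "$1") || {
        echo "no Python project root found at or above $1" >&2
        return 2
    }
    command -v safety >/dev/null 2>&1 || {
        echo "safety CLI is not installed or not on PATH" >&2
        return 3
    }
    echo "scanning project root: $root"
    ( cd "$root" && safety scan )
}

# Example: scan_project /my/project/src   # scans from /my/project if that holds a marker file
```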
