Available Commands and Inputs

The available commands and options within Safety CLI Scanner are detailed below. These can also be found within Safety CLI by typing safety --help or safety [command] --help.

Authentication

safety auth --help
Command/Option
Description

Commands

login

logout

Log out from the current Safety CLI session. Example: safety auth logout

status

Show the current authentication status. Example: safety auth status

Options

--install-completion

Install shell-specific completion scripts. Example: safety auth --install-completion fish

--show-completion

Show shell completion scripts for manual setup. Example: safety auth --show-completion fish

--help

Show detailed help information for commands and options. Example: safety auth --help

Commands

safety --help
Command/Option
Description

Commands

auth

scan

Run vulnerability scans on a Python project directory. Example: safety scan

system-scan

Run a comprehensive scan for packages and vulnerabilities across your entire machine/environment. Example: safety system-scan

Other Commands

alert

[Deprecated] Create GitHub Pull Requests from scan results. Being replaced by newer features. Example: safety alert

check

[Deprecated] Find vulnerabilities in target files/environments. Now replaced by safety scan. Example: safety check /path/to/requirements.txt

check-updates

Check for updates to the Safety CLI. Example: safety check-updates

configure

Set up global configurations for Safety CLI, including proxy settings and organization details. Example: safety configure --proxy-host 192.168.0.1

generate

Generate a standard Safety CLI policy file to establish baseline policies for scans. Example: safety generate policy_file

validate

Check if your local Safety CLI policy file is valid. Example: safety validate /path/to/policy.yml

Options

--stage

Assign a development lifecycle stage to your scan (default: development). Example: safety --stage production scan

--key

Use an API key for scans in CI/CD or Production (default: none). For Development scans, unset the API key and authenticate using safety auth. Example: safety --key 'your_api_key' scan

--proxy-host

Specify a proxy host for network communications. Example: safety configure --proxy-host 'proxy.example.com'

--proxy-port

Set the proxy port (default: 80). Note: proxy details can be set globally in a config file. See safety configure --help. Example: safety configure --proxy-port 8080

--proxy-protocol

Choose the proxy protocol (default: https). Note: proxy details can be set globally in a config file. See safety configure --help. Example: safety configure --proxy-protocol https

--disable-optional-telemetry-data

Opt-out of sending optional telemetry for privacy. Anonymized telemetry data will remain. Example: safety --disable-optional-telemetry-data scan

--debug

Enable debug mode for detailed output in addition to standard output. Example: safety --debug scan

--version

Display the installed version of Safety CLI. Example: safety --version

--help

Show detailed help information for commands and options. Example: safety --help

Safety Scan Options

safety scan --help
Command/Option
Description

Options

--target

Define a specific project path for scanning. Example: safety scan --target /path/to/project

--output

Set the format for scan results (default: screen) using Screen, JSON, HTML, or SPDX. Example: safety scan --output json

--detailed-output

Enable a verbose scan report for detailed insights. Example: safety scan --detailed-output

--save-as

Save scan results in different formats, including text, json, html, and spdx. Example: safety scan --save-as json results.json

--policy-file

Use a local policy file for scanning. Example: safety scan --policy-file /path/to/policy.yml

--install-completion

Install command-line completion for easier use. Example: safety --install-completion bash

--show-completion

Display shell completion scripts for customization. Example: safety --show-completion zsh

--apply-fixes

Automatically apply updates to requirements files for identified vulnerabilities in accordance with the parameters set in the config file. Example: safety scan --apply-fixes

Environment Variables

Env Var
Default Value
Description

SAFETY_REQUEST_TIMEOUT

30 seconds

Allows setting a custom request timeout for Safety CLI when pulling vulnerability and license JSON data from servers. If set, this value takes priority over the default hardcoded value.

Last updated

Was this helpful?