Available Commands and Inputs

Commands

login

Authenticate with Safety CLI to perform scans. Your default browser will automatically open to https://platform.safetycli.com unless already authenticated. Example: safety auth login

logout

Log out from the current Safety CLI session. Example: safety auth logout

status

Show the current authentication status. Example: safety auth status

Options

--install-completion

Install shell-specific completion scripts. Example: safety auth --install-completion fish

--show-completion

Show shell completion scripts for manual setup. Example: safety auth --show-completion fish

--help

Show detailed help information for commands and options. Example: safety auth --help

Commands

auth

Authenticate Safety CLI to perform scans. Your default browser will automatically open to https://platform.safetycli.com. Example: safety auth login

scan

Run vulnerability scans on a Python project directory. Example: safety scan

system-scan

Run a comprehensive scan for packages and vulnerabilities across your entire machine/environment. Example: safety system-scan

Other Commands

alert

[Deprecated] Create GitHub Pull Requests from scan results. Being replaced by newer features. Example: safety alert

check

[Deprecated] Find vulnerabilities in target files/environments. Now replaced by safety scan. Example: safety check /path/to/requirements.txt

check-updates

Check for updates to the Safety CLI. Example: safety check-updates

configure

Set up global configurations for Safety CLI, including proxy settings and organization details. Example: safety configure --proxy-host 192.168.0.1

generate

Generate a standard Safety CLI policy file to establish baseline policies for scans. Example: safety generate policy_file

validate

Check if your local Safety CLI policy file is valid. Example: safety validate /path/to/policy.yml

Options

--stage

Assign a development lifecycle stage to your scan (default: development). Example: safety --stage production scan

--key

Use an API key for scans in CI/CD or Production (default: none). For Development scans, unset the API key and authenticate using safety auth. Example: safety --key 'your_api_key' scan

--proxy-host

Specify a proxy host for network communications. Example: safety configure --proxy-host 'proxy.example.com'

--proxy-port

Set the proxy port (default: 80). Note: proxy details can be set globally in a config file. See safety configure --help. Example: safety configure --proxy-port 8080

--proxy-protocol

Choose the proxy protocol (default: https). Note: proxy details can be set globally in a config file. See safety configure --help. Example: safety configure --proxy-protocol https

--disable-optional-telemetry-data

Opt-out of sending optional telemetry for privacy. Anonymized telemetry data will remain. Example: safety --disable-optional-telemetry-data scan

--debug

Enable debug mode for detailed output in addition to standard output. Example: safety --debug scan

--version

Display the installed version of Safety CLI. Example: safety --version

--help

Show detailed help information for commands and options. Example: safety --help

Options

--target

Define a specific project path for scanning. Example: safety scan --target /path/to/project

--output

Set the format for scan results (default: screen) using Screen, JSON, HTML, or SPDX. Example: safety scan --output json

--detailed-output

Enable a verbose scan report for detailed insights. Example: safety scan --detailed-output

--save-as

Save scan results in different formats, including text, json, html, and spdx. Example: safety scan --save-as json results.json

--policy-file

Use a local policy file for scanning. Example: safety scan --policy-file /path/to/policy.yml

--install-completion

Install command-line completion for easier use. Example: safety --install-completion bash

--show-completion

Display shell completion scripts for customization. Example: safety --show-completion zsh

--apply-fixes

Automatically apply updates to requirements files for identified vulnerabilities in accordance with the parameters set in the config file. Example: safety scan --apply-fixes

SAFETY_REQUEST_TIMEOUT

30 seconds

Allows setting a custom request timeout for Safety CLI when pulling vulnerability and license JSON data from servers. If set, this value takes priority over the default hardcoded value.