Available Commands and Inputs
The available commands and options within Safety CLI Scanner are detailed below. These can also be found within Safety CLI by typing safety --help
or safety [command] --help
.
Authentication
Commands
login
logout
Log out from the current Safety CLI session.
Example: safety auth logout
status
Show the current authentication status.
Example: safety auth status
Options
--install-completion
Install shell-specific completion scripts.
Example: safety auth --install-completion fish
--show-completion
Show shell completion scripts for manual setup.
Example: safety auth --show-completion fish
--help
Show detailed help information for commands and options.
Example: safety auth --help
Commands
Commands
auth
scan
Run vulnerability scans on a Python project directory.
Example: safety scan
system-scan
Run a comprehensive scan for packages and vulnerabilities across your entire machine/environment.
Example: safety system-scan
Other Commands
alert
[Deprecated] Create GitHub Pull Requests from scan results. Being replaced by newer features.
Example: safety alert
check
[Deprecated] Find vulnerabilities in target files/environments. Now replaced by safety scan.
Example: safety check /path/to/requirements.txt
check-updates
Check for updates to the Safety CLI.
Example: safety check-updates
configure
Set up global configurations for Safety CLI, including proxy settings and organization details.
Example: safety configure --proxy-host 192.168.0.1
generate
Generate a standard Safety CLI policy file to establish baseline policies for scans.
Example: safety generate policy_file
validate
Check if your local Safety CLI policy file is valid.
Example: safety validate /path/to/policy.yml
Options
--stage
Assign a development lifecycle stage to your scan (default: development).
Example: safety --stage production scan
--key
Use an API key for scans in CI/CD or Production (default: none).
For Development scans, unset the API key and authenticate using safety auth.
Example: safety --key 'your_api_key' scan
--proxy-host
Specify a proxy host for network communications.
Example: safety configure --proxy-host 'proxy.example.com'
--proxy-port
Set the proxy port (default: 80).
Note: proxy details can be set globally in a config file. See safety configure --help.
Example: safety configure --proxy-port 8080
--proxy-protocol
Choose the proxy protocol (default: https).
Note: proxy details can be set globally in a config file. See safety configure --help.
Example: safety configure --proxy-protocol https
--disable-optional-telemetry-data
Opt-out of sending optional telemetry for privacy. Anonymized telemetry data will remain.
Example: safety --disable-optional-telemetry-data scan
--debug
Enable debug mode for detailed output in addition to standard output.
Example: safety --debug scan
--version
Display the installed version of Safety CLI.
Example: safety --version
--help
Show detailed help information for commands and options.
Example: safety --help
Safety Scan Options
Options
--target
Define a specific project path for scanning.
Example: safety scan --target /path/to/project
--output
Set the format for scan results (default: screen) using Screen, JSON, HTML, or SPDX.
Example: safety scan --output json
--detailed-output
Enable a verbose scan report for detailed insights.
Example: safety scan --detailed-output
--save-as
Save scan results in different formats, including text, json, html, and spdx.
Example: safety scan --save-as json results.json
--policy-file
Use a local policy file for scanning.
Example: safety scan --policy-file /path/to/policy.yml
--install-completion
Install command-line completion for easier use.
Example: safety --install-completion bash
--show-completion
Display shell completion scripts for customization.
Example: safety --show-completion zsh
--apply-fixes
Automatically apply updates to requirements files for identified vulnerabilities in accordance with the parameters set in the config file.
Example: safety scan --apply-fixes
Environment Variables
SAFETY_REQUEST_TIMEOUT
30 seconds
Allows setting a custom request timeout for Safety CLI when pulling vulnerability and license JSON data from servers. If set, this value takes priority over the default hardcoded value.
Last updated
Was this helpful?