Safety v3.7.0 is now available. Upgrade using "pip install -U safety" or "uv tool install safety==3.6.2"
Safety Firewall
Safety PlatformResearchSign Up

Using Safety in Conda Environments

Using Safety CLI with Anaconda Environments

Overview

Safety CLI is the only dependency scanner powered by Safety's industry-leading vulnerability database. Safety CLI can be used to scan and secure Anaconda projects and environments, with some additional steps required to help make implementation and rollout seamless across your team. This guide will show you how to use Safety CLI effectively with your Anaconda projects.

Table of Contents

General Process

To scan Anaconda environments with Safety CLI, the following general steps are recommended:

  1. Export the Anaconda manifest (list of packages in the Anaconda project):

    conda activate your_environment_name
conda list -e > requirements.txt

  2. Separate pip-installed packages and conda-installed packages into two separate temporary requirements.txt files (instructions and examples for this below)

  3. Scan the separated requirements files using safety scan

  4. Delete the temporary requirements.txt files that were created

Unix-based Systems (Linux/macOS)

For a streamlined workflow on Unix-based systems, use the following bash script:

Usage

  1. Save the script as conda_safety.sh

  2. Make it executable: chmod +x conda_safety.sh

  3. Run the script as a replacement for the safety command, using any Safety CLI arguments. For example:

or

Setting Up as a Command using an alias

To use the script as a command:

  1. Add an alias in your shell configuration file (~/.bashrc or ~/.zshrc):

  2. Reload your shell configuration:

Now you can use conda-safety as a drop-in replacement for the safety command. Once you've activated your conda environment, use `conda-safety`. For example:

Windows-based Systems

For Windows users, use the following PowerShell script:

Usage

  1. Save the script as Conda-Safety.ps1

  2. Open PowerShell and navigate to the script's directory

  3. Run the script with Safety CLI arguments:

or

Setting Up as a Command

To use the script as a command in Windows:

  1. Create a directory for the script if it doesn't exist:

  2. Move the script to this directory:

  3. Add the directory to your PATH:

    • Open System Properties

    • Click on Environment Variables

    • Under System Variables, find and edit the PATH variable

    • Add C:\Users\YourUsername\Documents\WindowsPowerShell\Scripts

  4. Create a PowerShell profile if you don't have one:

  5. Add this line to your PowerShell profile:

Now you can use conda-safety as a command in PowerShell as a drop-in replacement for the safety command. This requires safety and conda to already be installed and available in Powershell.

Important Note

Conda-installed packages may differ from standard PyPI packages. As a result, security findings for conda-installed packages may differ from PyPi equivalent packages. Always verify findings for conda-installed packages against the specific versions in your Anaconda environment.

Help and Implementation Assistance

Anaconda environments and setups vary. If the instructions above do not work or you encouter any issues, please don't hesitate to reach out to our support team at [email protected]. We're here to help you ensure the security of your Python projects, regardless of your environment setup.

PreviousGlobal proxy and identity configurationNextUnderstanding Vulnerability Scoring Systems: CVSS and EPSS

Last updated

Was this helpful?