Using Safety in Conda Environments

Using Safety CLI with Anaconda Environments

Overview

Safety CLI is the only dependency scanner powered by Safety's industry-leading vulnerability database. Safety CLI can be used to scan and secure Anaconda projects and environments, with some additional steps required to help make implementation and rollout seamless across your team. This guide will show you how to use Safety CLI effectively with your Anaconda projects.

General Process

To scan Anaconda environments with Safety CLI, the following general steps are recommended:

Export the Anaconda manifest (list of packages in the Anaconda project):

conda activate your_environment_name
conda list -e > requirements.txt

Separate pip-installed packages and conda-installed packages into two separate temporary requirements.txt files (instructions and examples for this below)
Scan the separated requirements files using safety scan
Delete the temporary requirements.txt files that were created

Unix-based Systems (Linux/macOS)

For a streamlined workflow on Unix-based systems, use the following bash script:

#!/bin/bash

# Function to clean up temporary files
cleanup() {
    rm -f requirements.txt conda_requirements.txt pip_requirements.txt
}

# Trap to ensure cleanup happens even if the script is interrupted
trap cleanup EXIT

# Generate requirements file
conda list -e > requirements.txt

# Function to separate conda and pip packages
separate_requirements() {
    local input_file=$1
    local conda_output=$2
    local pip_output=$3

    > "$conda_output"
    > "$pip_output"

    while IFS= read -r line
    do
        if [[ $line =~ ^#.*$ ]] || [[ -z $line ]]; then
            echo "$line" >> "$conda_output"
        elif [[ $line == *"=pypi_0"* ]]; then
            package_info=$(echo "$line" | sed 's/=/==/;s/=pypi_0//')
            echo "$package_info" >> "$pip_output"
        else
            package_info=$(echo "$line" | awk -F= '{print $1"=="$2" #"$3}')
            echo "$package_info" >> "$conda_output"
        fi
    done < "$input_file"
}

# Separate requirements
separate_requirements "requirements.txt" "conda_requirements.txt" "pip_requirements.txt"

# Run safety with all arguments passed to this script
safety "$@"

# Cleanup is handled by the trap

Usage

Save the script as conda_safety.sh
Make it executable: chmod +x conda_safety.sh
Run the script as a replacement for the safety command, using any Safety CLI arguments. For example:

conda activate <your_environment_name>
./conda_safety.sh scan

conda activate <your_environment_name>
./conda_safety.sh scan --output json

Setting Up as a Command using an alias

To use the script as a command:

Add an alias in your shell configuration file (~/.bashrc or ~/.zshrc):
```
alias conda-safety='/path/to/your/conda_safety.sh'
```
Reload your shell configuration:
```
source ~/.bashrc  # or ~/.zshrc for Zsh
```

Now you can use conda-safety as a drop-in replacement for the safety command. Once you've activated your conda environment, use `conda-safety`. For example:

conda activate <your_environment_name>
conda-safety auth
conda-safety scan

Windows-based Systems

For Windows users, use the following PowerShell script:

# Function to clean up temporary files
function Cleanup {
    Remove-Item -ErrorAction SilentlyContinue requirements.txt, conda_requirements.txt, pip_requirements.txt
}

# Ensure cleanup happens even if the script is interrupted
trap { Cleanup; break }

# Generate requirements file
conda list -e > requirements.txt

# Function to separate conda and pip packages
function Separate-Requirements {
    param (
        [string]$InputFile,
        [string]$CondaOutput,
        [string]$PipOutput
    )

    $null > $CondaOutput
    $null > $PipOutput

    Get-Content $InputFile | ForEach-Object {
        if ($_ -match '^#' -or $_ -eq '') {
            $_ >> $CondaOutput
        }
        elseif ($_ -match '=pypi_0') {
            $packageInfo = $_ -replace '=', '==' -replace '=pypi_0', ''
            $packageInfo >> $PipOutput
        }
        else {
            $parts = $_ -split '='
            "$($parts[0])==$($parts[1]) #$($parts[2])" >> $CondaOutput
        }
    }
}

# Separate requirements
Separate-Requirements "requirements.txt" "conda_requirements.txt" "pip_requirements.txt"

# Run safety with all arguments passed to this script
safety $args

# Cleanup
Cleanup

Usage

Save the script as Conda-Safety.ps1
Open PowerShell and navigate to the script's directory
Run the script with Safety CLI arguments:

conda activate <your_environment_name>
.\Conda-Safety.ps1 scan

conda activate <your_environment_name>
.\Conda-Safety.ps1 scan --output json

Setting Up as a Command

To use the script as a command in Windows:

Create a directory for the script if it doesn't exist:

mkdir C:\Users\YourUsername\Documents\WindowsPowerShell\Scripts

Move the script to this directory:

Move-Item Conda-Safety.ps1 C:\Users\YourUsername\Documents\WindowsPowerShell\Scripts

Add the directory to your PATH:
- Open System Properties
- Click on Environment Variables
- Under System Variables, find and edit the PATH variable
- Add C:\Users\YourUsername\Documents\WindowsPowerShell\Scripts

Create a PowerShell profile if you don't have one:

if (!(Test-Path -Path $PROFILE)) { New-Item -ItemType File -Path $PROFILE -Force }

Add this line to your PowerShell profile:

Set-Alias conda-safety C:\Users\YourUsername\Documents\WindowsPowerShell\Scripts\Conda-Safety.ps1

Now you can use conda-safety as a command in PowerShell as a drop-in replacement for the safety command. This requires safety and conda to already be installed and available in Powershell.

Important Note

Conda-installed packages may differ from standard PyPI packages. As a result, security findings for conda-installed packages may differ from PyPi equivalent packages. Always verify findings for conda-installed packages against the specific versions in your Anaconda environment.

Help and Implementation Assistance

Anaconda environments and setups vary. If the instructions above do not work or you encouter any issues, please don't hesitate to reach out to our support team at [email protected]. We're here to help you ensure the security of your Python projects, regardless of your environment setup.

PreviousGlobal proxy and identity configuration NextUnderstanding Vulnerability Scoring Systems: CVSS and EPSS

Last updated 1 year ago

Was this helpful?

hashtagUsing Safety CLI with Anaconda Environments

hashtagOverview

hashtagTable of Contents

hashtagGeneral Process

hashtagUnix-based Systems (Linux/macOS)

hashtagUsage

hashtagSetting Up as a Command using an alias

hashtagWindows-based Systems

hashtagUsage

hashtagSetting Up as a Command

hashtagImportant Note

hashtagHelp and Implementation Assistance

Using Safety CLI with Anaconda Environments

Overview

Table of Contents

General Process

Unix-based Systems (Linux/macOS)

Usage

Setting Up as a Command using an alias

Windows-based Systems

Usage

Setting Up as a Command

Important Note

Help and Implementation Assistance