
Calmcode Shorts

safety.py

The third-party packages your project depends on may carry known security vulnerabilities. To check for them you can use the safety command line tool, which compares the packages installed in your environment against a database of published vulnerability advisories. You can install it via pip.

pip install safety

You can then check your packages by running safety check. It inspects every package installed in the current environment (the same set that pip freeze reports), so run it inside the virtual environment your project actually uses; to check a pinned requirements file instead, pass safety check -r requirements.txt. If there are no concerns you should see output like this.

> safety check
+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 154 packages, using free DB (updated once a month)                   |
+==============================================================================+
| No known security vulnerabilities found.                                     |
+==============================================================================+
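To make clear what that report does and does not say, here is a stripped-down re-implementation of the matching step, added for this page (it is not code from the safety project). It pins a requirements file against a vulnerability database keyed by package name, where each advisory lists the affected version ranges; the database shape mirrors the open pyup safety-db JSON layout, but every package name, advisory id and version range below is constructed sample data, and the version comparison is a simplified numeric one rather than full PEP 440.

```python
"""Minimal re-implementation of the matching that `safety check` performs:
pinned requirements are compared against a database keyed by package name,
where each advisory carries a list of affected version specs.
All package names, ids and ranges here are CONSTRUCTED sample data."""
import re
from typing import Dict, List, Tuple

# Constructed sample database, shaped like a pyup safety-db JSON entry
# (package -> list of advisories with "specs" of affected version ranges).
SAMPLE_DB: Dict[str, List[dict]] = {
    "examplelib": [
        {"id": "EXAMPLE-0001", "specs": ["<1.4.1"],
         "advisory": "Path traversal in file handler (constructed)."},
        {"id": "EXAMPLE-0002", "specs": [">=2.0.0,<2.0.3"],
         "advisory": "Unsafe deserialization (constructed)."},
    ],
    "other-package": [
        {"id": "EXAMPLE-0003", "specs": ["<=0.9"],
         "advisory": "Weak default TLS settings (constructed)."},
    ],
}

# Constructed requirements.txt contents, one pinned package per line.
SAMPLE_REQUIREMENTS = """\
# comment lines and blanks are ignored
ExampleLib==1.3.0
Other_Package==1.0
requests==2.31.0
"""


def normalize_name(name: str) -> str:
    """PEP 503 normalization so 'Example_Lib' and 'examplelib' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric-only version tuple; enough for this demo, not full PEP 440."""
    return tuple(int(p) for p in v.strip().split("."))


def compare(a: str, b: str) -> int:
    """Return -1, 0 or 1; pads with zeros so '1.0' equals '1.0.0'."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


_OPS = {
    "<": lambda c: c < 0, "<=": lambda c: c <= 0,
    ">": lambda c: c > 0, ">=": lambda c: c >= 0,
    "==": lambda c: c == 0, "!=": lambda c: c != 0,
}


def matches_spec(version: str, spec: str) -> bool:
    """True when version satisfies every comma-separated clause, e.g. '>=2.0.0,<2.0.3'."""
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|!=|<|>)\s*([0-9.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported spec clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](compare(version, bound)):
            return False
    return True


def parse_requirements(text: str) -> Dict[str, str]:
    """Map normalized package name -> pinned version; only '==' pins are accepted."""
    pinned: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"only pinned requirements are supported: {line!r}")
        pinned[normalize_name(name)] = version.strip()
    return pinned


def check(requirements_text: str, db: Dict[str, List[dict]]) -> List[Tuple[str, str, str]]:
    """Return (package, pinned_version, advisory_id) for every matching advisory."""
    db_norm = {normalize_name(k): v for k, v in db.items()}
    findings = []
    for name, version in parse_requirements(requirements_text).items():
        for adv in db_norm.get(name, []):
            if any(matches_spec(version, s) for s in adv["specs"]):
                findings.append((name, version, adv["id"]))
    return findings


if __name__ == "__main__":
    for name, version, adv_id in check(SAMPLE_REQUIREMENTS, SAMPLE_DB):
        print(f"{name}=={version} is affected by {adv_id}")
```

Two details carry over to the real tool: package names are normalized before lookup, so Django and django are the same dependency, and a package that simply has no entry in the database (requests above) produces no finding at all, which is exactly why "no known vulnerabilities" depends on how fresh and complete the database is.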

This command line app can also be used in your CI/CD pipelines: it exits with a non-zero status when it finds a vulnerable package, so a pipeline step that runs it fails the build. Two things are worth double-checking first. One is the license: the free CLI is meant for open-source software, and the free database it uses is only updated once a month, so an advisory published after the last refresh will not be reported (the commercial offering from pyup refreshes more often). The other is what a clean report means: "No known security vulnerabilities found" only says that none of the checked packages matched an entry in that database, not that your dependencies are free of vulnerabilities. Note too that recent releases of safety have deprecated safety check in favour of a new safety scan command; the output shown above comes from the older check command. More information can be found on the creators' website.
