safety by pyupio

Python dependency vulnerability scanner enhancing software supply chain security

Created 9 years ago
1,985 stars

Top 21.7% on SourcePulse

Project Summary

Safety CLI is a Python dependency vulnerability scanner that enhances software supply chain security by detecting packages with known vulnerabilities and malicious code across development, CI/CD, and production environments. It offers actionable remediation recommendations, giving developers and teams a quick, comprehensive way to secure Python projects against known security threats.

How It Works

Safety CLI utilizes Safety DB, described as the industry's most comprehensive vulnerability data source for Python. It scans project dependencies, identifies security risks, and generates clear output with detailed remediation advice. A key feature is its capability to automatically update requirements files to secure dependency versions based on project policies.

Quick Start & Requirements

  • Installation: pip install safety
  • Authentication: safety auth (prompts for account creation/login if unauthenticated).
  • First Scan: Navigate to a project directory and run safety scan.
  • Prerequisites: Python >= 3.9. Docker images available for older versions.
  • Commercial Use: A 7-day free trial is offered, followed by a Free plan (single user, not for commercial use). Paid plans start at $25/seat/month for commercial use with an expanded vulnerability database.
  • Links: Documentation: https://docs.safetycli.com, Status: https://status.safetycli.com.

Highlighted Details

  • Comprehensive dependency security scanning for Python packages.
  • Leverages Safety DB, described as the most comprehensive vulnerability data source for Python.
  • Delivers clear output with detailed vulnerability remediation recommendations.
  • Automatically updates requirements files to secure dependency versions.
  • Supports scanning of individual requirements files, project directories, system-wide, and CI/CD pipelines.
  • Offers JSON, SBOM, HTML, and text output formats.
  • Integrates easily with CI/CD, including a dedicated GitHub Action.
  • Enterprise-ready for large teams, deployable on-premise or as SaaS.

Maintenance & Community

  • Actively hiring for various roles.
  • A Service-Level Agreement (SLA) is in place for issue handling.
  • Support is available via support@safetycli.com.
  • System status is monitored and accessible at https://status.safetycli.com.

Licensing & Compatibility

  • License: MIT License.
  • Commercial Use: The Free plan is not for commercial use. Paid plans ($25/seat/month) are required for commercial applications, offering enhanced features and a more complete vulnerability database.

Limitations & Caveats

The Free plan is limited to a single user and is unsuitable for commercial applications. Access to the full vulnerability database and advanced features like safety system-scan requires a paid subscription.

Health Check

  • Last Commit: 2 weeks ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 20
  • Issues (30d): 5
  • Star History: 9 stars in the last 30 days
