{"id":13468780,"url":"https://github.com/pyupio/safety","last_synced_at":"2025-11-12T21:42:13.809Z","repository":{"id":37257804,"uuid":"71359600","full_name":"pyupio/safety","owner":"pyupio","description":"Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.","archived":false,"fork":false,"pushed_at":"2025-10-29T21:37:37.000Z","size":3495,"stargazers_count":1913,"open_issues_count":36,"forks_count":168,"subscribers_count":30,"default_branch":"main","last_synced_at":"2025-10-29T22:18:19.461Z","etag":null,"topics":["cicd","dependency-management","devsecops","open-source-security","package-management","python","security","security-vulnerability","travis","vulnerability-detection","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://safetycli.com/product/safety-cli","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pyupio.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSES/MIT.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-10-19T13:22:56.000Z","updated_at":"2025-10-27T14:28:15.000Z","dependencies_parsed_at":"2023-11-24T09:03:29.114Z","dependency_job_id":"6ce58e43-1b88-4a22-99c3-e67ef3454d26","html_url":"https://github.com/pyupio/safety","commit_stats":{"total_commits":510,"total_committers":47,"mean_commits":"10.851063829787234","dds":0.7725490196078432,"last_synced_commit":"575f9387f992dacb8fdf0fa70f6e475f3af8a987
"},"previous_names":[],"tags_count":108,"template":false,"template_full_name":null,"purl":"pkg:github/pyupio/safety","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyupio%2Fsafety","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyupio%2Fsafety/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyupio%2Fsafety/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyupio%2Fsafety/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pyupio","download_url":"https://codeload.github.com/pyupio/safety/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pyupio%2Fsafety/sbom","scorecard":{"id":752480,"data":{"date":"2025-08-11","repo":{"name":"github.com/pyupio/safety","commit":"d87aa743654df1f35403fb2eb514703e97cefb75"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.9,"checks":[{"name":"Maintained","score":10,"reason":"20 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":7,"reason":"Found 22/30 approved changesets -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: 
SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/cd.yml:26","Warn: no topLevel permission defined: .github/workflows/build.yml:1","Warn: no topLevel permission defined: .github/workflows/bump.yml:1","Warn: no topLevel permission defined: .github/workflows/cd.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/issue_responder.yml:1","Warn: no topLevel permission defined: .github/workflows/pr.yml:1","Warn: no topLevel permission defined: .github/workflows/reusable-build.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge 
detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSES/MIT.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSES/MIT.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 3.6.0 not signed: https://api.github.com/repos/pyupio/safety/releases/231129917","Warn: release artifact 3.6.0b0 not signed: 
https://api.github.com/repos/pyupio/safety/releases/231007779","Warn: release artifact 3.5.2 not signed: https://api.github.com/repos/pyupio/safety/releases/223231644","Warn: release artifact 3.5.2b1 not signed: https://api.github.com/repos/pyupio/safety/releases/222833561","Warn: release artifact 3.5.1 not signed: https://api.github.com/repos/pyupio/safety/releases/218427948","Warn: release artifact 3.6.0 does not have provenance: https://api.github.com/repos/pyupio/safety/releases/231129917","Warn: release artifact 3.6.0b0 does not have provenance: https://api.github.com/repos/pyupio/safety/releases/231007779","Warn: release artifact 3.5.2 does not have provenance: https://api.github.com/repos/pyupio/safety/releases/223231644","Warn: release artifact 3.5.2b1 does not have provenance: https://api.github.com/repos/pyupio/safety/releases/222833561","Warn: release artifact 3.5.1 does not have provenance: https://api.github.com/repos/pyupio/safety/releases/218427948"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/build.yml:13"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing job operating system: .github/workflows/ci.yml:147","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/ci.yml:152","Info: Possibly incomplete 
results: error parsing job operating system: .github/workflows/ci.yml:156","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/reusable-build.yml:87","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/reusable-build.yml:92","Info: Possibly incomplete results: error parsing shell code: invalid parameter name: .github/workflows/reusable-build.yml:99","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/reusable-build.yml:103","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/reusable-build.yml:131","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/reusable-build.yml:136","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/reusable-build.yml:172","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:79: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump.yml:20: update your workflow using 
https://app.stepsecurity.io/secureworkflow/pyupio/safety/bump.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/bump.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/bump.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/bump.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/cd.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/cd.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/cd.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cd.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/cd.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/cd.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/cd.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/ci.yml/main?enable=pin","Warn: 
GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:140: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:143: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/issue_responder.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/issue_responder.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reusable-build.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/reusable-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reusable-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/reusable-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reusable-build.yml:80: update your workflow using 
https://app.stepsecurity.io/secureworkflow/pyupio/safety/reusable-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reusable-build.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/reusable-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reusable-build.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/reusable-build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reusable-build.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/pyupio/safety/reusable-build.yml/main?enable=pin","Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating python:3.8-alpine to python:3.8-alpine@sha256:3d93b1f77efce339aa77db726656872517b0d67837989aa7c4b35bd5ae7e81ba","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.12-slim to python:3.12-slim@sha256:d67a7b66b989ad6b6d6b10d428dcc5e0bfc3e5f88906e67d490c4d3daac57047","Warn: containerImage not pinned by hash: tests/action/docker-insecure/Dockerfile:1: pin your Docker image by updating python:3.10-slim to python:3.10-slim@sha256:420fbb0e468d3eaf0f7e93ea6f7a48792cbcadc39d43ac95b96bee2afe4367da","Warn: containerImage not pinned by hash: tests/action/docker-secure/Dockerfile:1: pin your Docker image by updating python:3.10-slim to python:3.10-slim@sha256:420fbb0e468d3eaf0f7e93ea6f7a48792cbcadc39d43ac95b96bee2afe4367da","Warn: npmCommand not pinned by hash: .devcontainer/Dockerfile:6-28","Warn: pipCommand not pinned by hash: .devcontainer/Dockerfile:30-31","Warn: pipCommand not pinned by hash: Dockerfile:11","Warn: pipCommand not pinned by hash: tests/action/docker-insecure/Dockerfile:3","Warn: pipCommand not pinned by hash: tests/action/docker-secure/Dockerfile:3","Warn: pipCommand not pinned by hash: 
release.sh:56","Warn: pipCommand not pinned by hash: .github/workflows/build.yml:26","Warn: pipCommand not pinned by hash: .github/workflows/bump.yml:51","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:34","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:35","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:91","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:92","Warn: pipCommand not pinned by hash: .github/workflows/reusable-build.yml:41","Warn: pipCommand not pinned by hash: .github/workflows/reusable-build.yml:42","Info:   0 out of  23 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   6 third-party GitHubAction dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned","Info:   0 out of  13 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T20:44:08.644Z","repository_id":37257804,"created_at":"2025-08-22T20:44:08.644Z","updated_at":"2025-08-22T20:44:08.644Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284115869,"owners_count":26949957,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-12T02:00:06.336Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cicd","dependency-management","devsecops","open-source-security","package-management","python","security","security-vulnerability","travis","vulnerability-detection","vulnerability-scanners"],"created_at":"2024-07-31T15:01:18.938Z","updated_at":"2025-11-12T21:42:13.804Z","avatar_url":"https://github.com/pyupio.png","language":"Python","funding_links":[],"categories":["Python","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","SAST","Free Tools","Point-of-use validations","Security","Python (1887)","Software Engineering","📚 Learning Resources","Tools","vulnerability-scanners","Vulnerabilities and Security Advisories","Code Security","Static Application Security Testing (SAST)"],"sub_categories":["Python","\u003ca 
id=\"9d1ce4a40c660c0ce15aec6daf7f56dd\"\u003e\u003c/a\u003e未分类-Vul","Vulnerability information exchange","For Java","Curated Python packages","Python Security","Safety","Language Specific"],"readme":"[![safety](https://cdn.safetycli.com/images/cli_readme_header.png)](https://docs.safetycli.com/)\n\n[![Downloads](https://static.pepy.tech/badge/safety/month)](https://pepy.tech/project/safety)\n![CI Status](https://github.com/pyupio/safety/actions/workflows/ci.yml/badge.svg)\n![License](https://img.shields.io/github/license/pyupio/safety)\n![PyPI Version](https://img.shields.io/pypi/v/safety)\n![Python Versions](https://img.shields.io/pypi/pyversions/safety)\n![Coverage](https://img.shields.io/codecov/c/github/pyupio/safety)\n\n\u003e [!NOTE]\n\u003e [Come and join us at SafetyCLI](https://apply.workable.com/safety/). We are hiring for various roles.\n\n# Table of Contents\n- [Table of Contents](#table-of-contents)\n- [Introduction](#introduction)\n- [Key Features](#key-features)\n- [Getting Started](#getting-started)\n  - [GitHub Action](#github-action)\n  - [Command Line Interface](#command-line-interface)\n    - [1. Installation](#1-installation)\n    - [2. Log In or Register](#2-log-in-or-register)\n    - [3. 
Running Your First Scan](#3-running-your-first-scan)\n  - [Basic Commands](#basic-commands)\n- [Service-Level Agreement (SLA)](#service-level-agreement-sla)\n- [Detailed Documentation](#detailed-documentation)\n- [License](#license)\n- [Supported Python Versions](#supported-python-versions)\n- [Resources](#resources)\n\n# Introduction\nSafety CLI is a Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities and malicious packages in local development environments, CI/CD, and production systems.\nSafety CLI can be deployed in minutes and provides clear, actionable recommendations for remediation of detected vulnerabilities.\n\nLeveraging the industry's most comprehensive database of vulnerabilities and malicious packages, Safety CLI Scanner allows teams to detect vulnerabilities at every stage of the software development lifecycle.\n\n# Key Features\n- Versatile, comprehensive dependency security scanning for Python packages.\n- Leverages Safety DB, the most comprehensive vulnerability data available for Python.\n- Clear output with detailed recommendations for vulnerability remediation.\n- Automatically updates requirements files to secure versions of dependencies where available, guided by your project's policy settings.\n- Scanning of individual requirements files and project directories or system-wide scans on developer machines, CI/CD pipelines, and Production systems to detect vulnerable or malicious dependencies.\n- JSON, SBOM, HTML and text output.\n- Easy integration with CI/CD pipelines, including GitHub Actions.\n- Enterprise Ready: Safety CLI can be deployed to large teams with complex project setups with ease, on-premise or as a SaaS product.\n\n# Getting Started\n## GitHub Action\n\n- Test Safety CLI in CI/CD using our [GitHub Action](https://github.com/pyupio/safety-action).\n- Full documentation on the [GitHub Action](https://github.com/pyupio/safety-action) is 
available on our [Documentation Hub](https://docs.safetycli.com).\n\n## Command Line Interface\n\n### 1. Installation\n\n- Install Safety on your development machine.\n- Run `pip install safety`.\n\n### 2. Log In or Register\n\n- Run your first scan using `safety scan`.\n- If not authenticated, Safety will prompt for account creation or login.\n- Use `safety auth` to check authentication status.\n\n### 3. Running Your First Scan\n\n- Navigate to a project directory and run `safety scan`.\n- Safety will perform a scan and present results in the Terminal.\n\n## Basic Commands\n\n- `safety --help`: Access help and display all available commands.\n- `safety auth`: Start authentication flow or display status.\n- `safety scan`: Perform a vulnerability scan in the current directory.\n- `safety system-scan`: Perform a scan across the entire development machine.\n- `safety scan --apply-fixes`: Update vulnerable dependencies.\n\n# Service-Level Agreement (SLA)\n\nWe are committed to maintaining a high level of responsiveness and transparency in managing issues reported in our codebases. 
This SLA outlines our policies and procedures for handling issues to ensure timely resolutions and effective communication with our community.\n\n- [Read our full SLA](./SLA.md)\n\n# Detailed Documentation\nFull documentation is available at [https://docs.safetycli.com](https://docs.safetycli.com).\n\nIncluded in the documentation are the following key topics:\n\n**Safety CLI 3**\n- [Introduction to Safety CLI 3](https://docs.safetycli.com/safety-docs/safety-cli-3/introduction-to-safety-cli-scanner)\n- [Quick Start Guide](https://docs.safetycli.com/safety-docs/safety-cli-3/quick-start-guide)\n- [Installation and Authentication](https://docs.safetycli.com/safety-docs/safety-cli-3/installation-and-authentication)\n- [Scanning for Vulnerable and Malicious Packages](https://docs.safetycli.com/safety-docs/safety-cli-3/scanning-for-vulnerable-and-malicious-packages)\n- [System-Wide Developer Machine Scanning](https://docs.safetycli.com/safety-docs/safety-cli-3/system-wide-developer-machine-scanning)\n- [Viewing Scan Results](https://docs.safetycli.com/safety-docs/safety-cli-3/viewing-scan-results)\n- [Available Commands and Inputs](https://docs.safetycli.com/safety-docs/safety-cli-3/available-commands-and-inputs)\n- [Scanning in CI/CD](https://docs.safetycli.com/safety-docs/safety-cli-3/scanning-in-ci-cd)\n- [License Scanning](https://docs.safetycli.com/safety-docs/safety-cli-3/license-scanning)\n- [Exit Codes](https://docs.safetycli.com/safety-docs/safety-cli-3/exit-codes)\n\n**Vulnerability Remediation**\n- [Applying Fixes](https://docs.safetycli.com/safety-docs/vulnerability-remediation/applying-fixes)\n\n**Integration**\n- [Securing Git Repositories](https://docs.safetycli.com/safety-docs/installation/securing-git-repositories)\n- [GitHub](https://docs.safetycli.com/safety-docs/installation/github)\n- [GitHub Actions](https://docs.safetycli.com/safety-docs/installation/github-actions)\n- [GitLab](https://docs.safetycli.com/safety-docs/installation/gitlab)\n- [Git 
Post-Commit Hooks](https://docs.safetycli.com/safety-docs/installation/git-post-commit-hooks)\n- [BitBucket](https://docs.safetycli.com/safety-docs/installation/bitbucket)\n- [Pipenv](https://docs.safetycli.com/safety-docs/installation/pipenv)\n- [Docker Containers](https://docs.safetycli.com/safety-docs/installation/docker-containers)\n\n**Administration**\n- [Policy Management](https://docs.safetycli.com/safety-docs/administration/policy-management)\n\n**Output**\n- [Output Options and Recommendations](https://docs.safetycli.com/safety-docs/output/output-options-and-recommendations)\n- [JSON Output](https://docs.safetycli.com/safety-docs/output/json-output)\n- [SBOM Output](https://docs.safetycli.com/safety-docs/output/sbom-output)\n- [HTML Output](https://docs.safetycli.com/safety-docs/output/html-output)\n\n**Miscellaneous**\n- [Release Notes](https://docs.safetycli.com/safety-docs/miscellaneous/release-notes)\n- [Breaking Changes in Safety 3](https://docs.safetycli.com/safety-docs/miscellaneous/release-notes/breaking-changes-in-safety-3)\n- [Safety 2.x Documentation](https://docs.safetycli.com/safety-2)\n- [Support](https://docs.safetycli.com/safety-docs/miscellaneous/support)\n\nSystem status is available at [https://status.safetycli.com](https://status.safetycli.com)\n\nFurther support is available by emailing support@safetycli.com.\n\n# License\nSafety is released under the MIT License.\n\nUpon creating an account, a 7-day free trial of our Team plan is offered to new users, after which they will be downgraded to our Free plan. This plan is limited to a single user and is not recommended for commercial purposes.\n\nOur paid [plans for commercial use](https://safetycli.com/resources/plans) begin at just $25 per seat per month and allow scans to be performed using our full vulnerability database, complete with 3x more tracked vulnerabilities and malicious packages than our free plan and other providers. 
To learn more about our Team and Enterprise plans, please visit [https://safetycli.com/resources/plans](https://safetycli.com/resources/plans) or email sales@safetycli.com.\n\n# Supported Python Versions\nSafety CLI 3 supports Python versions \u003e=3.9. Further details on supported versions, as well as options to run Safety CLI on versions \u003c3.9 using a Docker image, are available in our [Documentation Hub](https://docs.safetycli.com).\n\nWe maintain a policy of supporting all maintained and secure versions of Python, plus one minor version below the oldest maintained and secure version. Details on Python versions that meet these criteria can be found here: https://endoflife.date/python.\n\n# Resources\n\n- [Safety Cybersecurity website](https://safetycli.com)\n- [Safety Login Page](https://safetycli.com/login)\n- [Documentation](https://docs.safetycli.com)\n- [Careers/Hiring](https://apply.workable.com/safety/)\n- [Security Research and Blog](https://safetycli.com/blog)\n- [GitHub Action](https://github.com/safetycli/action)\n- [Support](mailto:support@safetycli.com)\n- [Status Page](https://status.safetycli.com)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpyupio%2Fsafety","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpyupio%2Fsafety","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpyupio%2Fsafety/lists"}