Safety


Tool and Usage

Project details

License
MIT
Programming language
Python
Author
Jannis Gebauer
Latest release
3.2.10
Latest release date

Project health

97
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Not every application deployed in your environment is installed via a package manager. As your infrastructure grows, it becomes even harder to know which tools are properly patched and which are not. For Python applications, this is where Safety comes in: it can scan software components installed via pip, and it also looks at any dependencies that are installed.

How it works

To perform a scan, provide a Python requirements file or the output of 'pip freeze'. Each installed component is then compared with a database. Different sources, like the changelog, are used to determine which package has a particular issue.
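
The comparison described above, as an added example that is not Safety's own code: it parses 'pip freeze' output and checks each pinned version against affected-version ranges such as `<0.2.0`. The advisory entries, the freeze text and all function names are constructed for illustration, and version parsing is simplified to numeric dotted versions.

```python
import re

# Constructed advisory data (NOT the real Safety database):
# normalized package name -> [(affected version spec, source)]
ADVISORIES = {
    "insecure-package": [("<0.2.0", "changelog")],
    "example-lib": [(">=1.0,<1.4.2", "changelog")],
}
# Constructed `pip freeze` output.
FREEZE = """Insecure_Package==0.1.0
example-lib==1.4.2
requests==2.31.0
-e git+https://example.invalid/repo.git#egg=local-tool
"""
OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def normalize(name):
    """PEP 503 normalization, so Insecure_Package matches insecure-package."""
    return re.sub(r"[-_.]+", "-", name).lower()

def vtuple(version):
    """Simplification: numeric dotted versions only; trailing zeros dropped (1.0 == 1.0.0)."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def affected(version, spec):
    """True if version satisfies every comma-separated clause, e.g. '>=1.0,<1.4.2'."""
    for clause in spec.split(","):
        op, bound = re.fullmatch(r"\s*(<=|>=|==|<|>)\s*(\d+(?:\.\d+)*)\s*", clause).groups()
        if not OPS[op](vtuple(version), vtuple(bound)):
            return False
    return True

def scan(freeze_text, advisories):
    findings, unchecked = [], []
    for line in filter(None, map(str.strip, freeze_text.splitlines())):
        m = re.fullmatch(r"([A-Za-z0-9._-]+)==(\d+(?:\.\d+)*)", line)
        if not m:  # editable/unpinned/non-numeric: cannot be compared, so report it
            unchecked.append(line)
            continue
        name, version = normalize(m.group(1)), m.group(2)
        findings += [(name, version, spec, source)
                     for spec, source in advisories.get(name, []) if affected(version, spec)]
    return findings, unchecked

if __name__ == "__main__":
    print(scan(FREEZE, ADVISORIES))
```

Entries that cannot be compared, such as the editable install, are returned separately instead of being treated as clean, so a scan result does not overstate its coverage.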

Usage and audience

Safety is commonly used for penetration testing, security assessment, security monitoring, or vulnerability scanning. Target users for this tool are developers, pentesters, and security professionals.

Features

  • Command line interface
  • Integration with continuous integration/delivery (CI/CD)
  • Tool allows multiple integrations

Example usage and output

╒══════════════════════════════════════════════════════════════════════════════╕
│                                                                              │
│                                /$$$$$$            /$$                        │
│                               /$$__  $$          | $$                        │
│            /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$          │
│           /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$          │
│          |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$          │
│           \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$          │
│           /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$          │
│          |_______/  \_______/|__/     \_______/   \___/   \____  $$          │
│                                                           /$$  | $$          │
│                                                          |  $$$$$$/          │
│  by pyup.io                                               \______/           │
│                                                                              │
╞══════════════════════════════════════════════════════════════════════════════╡
│ REPORT                                                                       │
╞══════════════════════════╤═══════════════╤═══════════════════╤═══════════════╡
│ package                  │ installed     │ affected          │ source        │
╞══════════════════════════╧═══════════════╧═══════════════════╧═══════════════╡
│ insecure-package         │ 0.1.0         │ <0.2.0            │ changelog     │
╘══════════════════════════╧═══════════════╧═══════════════════╧═══════════════╛

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + More than 10 contributors
  • + The source code of this software is available

Author and Maintainers

Safety is under development by Jannis Gebauer.

Installation

Supported operating systems

Safety is known to work on Linux.

Dependencies

Several dependencies are required to use Safety.

  • click
  • packaging
  • requests
  • setuptools

Safety alternatives

Similar tools to Safety:

100

Archery

Archery is a Django-based application to perform vulnerability assessments and do vulnerability management.

60

Dagda

Dagda is a security tool to perform static analysis of known vulnerabilities, malware and threats in Docker images and containers. It monitors both the Docker daemon and running containers to find anomalies and suspicious activities.

97

OpenVAS

OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.
