safety: checks your installed dependencies for known security vulnerabilities
Safety
Safety is a command-line tool. Use it to check your local virtual environment, your requirement files, or any input from stdin for dependencies with security issues.
If you are using something insecure, you’ll get a report on what exactly is affected.
See what is vulnerable
Safety CI integrates with your GitHub account, just like tests do. You’ll get a status on every pull request and on each and every commit – across all your branches.
See what exactly is wrong
If you are using a dependency with a known security vulnerability, checks on GitHub will fail and you’ll get a link to a page with details about the vulnerability. This allows you to check if you are affected and gives you all the details straight from the source.
Installation
pip install safety
Use
By default, it uses the open Python vulnerability database Safety DB but can be upgraded to use pyup.io’s Safety API using the –key option.
To check your currently selected virtual environment for dependencies with known security vulnerabilities, run:
safety check
You should get a report similar to this:
Copyright (c) 2016, pyup.io
Source: https://github.com/pyupio/
