safety
TLDR
Scan the current project for vulnerable dependencies
SYNOPSIS
safety [command] [options]
DESCRIPTION
Safety is a Python dependency vulnerability scanner that checks packages against Safety DB, a database of known security vulnerabilities. It identifies vulnerable and malicious packages in development environments, CI/CD pipelines, and production systems.
The tool scans requirements files, project directories, or the entire Python environment. It provides detailed vulnerability information with CVE references and suggests secure package versions for remediation.
Safety supports multiple output formats including plain text, JSON, HTML, and SBOM (Software Bill of Materials) for integration with security workflows and compliance requirements.
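The scan described above boils down to three steps: parse the pinned requirements, look each package up in a database keyed by package name, and test the pinned version against each entry's vulnerable version range. The following is an added illustration of that logic, not Safety's own code. The database layout is assumed to mirror the shape of Safety DB's insecure_full.json (package name to a list of entries with "specs", "cve" and "advisory"), but the package names, ranges and identifiers are constructed sample data, not real advisories, and the version comparison is a deliberately simplified numeric one rather than a full PEP 440 implementation.

```python
"""
Minimal Safety-style scan: pinned requirements checked against a
vulnerability database with version ranges. Added example, not
Safety's own code; data below is constructed.
"""
import re

# Constructed sample database. Assumption: same shape as Safety DB entries
# (package -> list of {"specs", "cve", "advisory"}); contents are illustrative.
SAMPLE_DB = {
    "examplelib": [
        {"specs": ["<2.0.3"], "cve": "EXAMPLE-0001",
         "advisory": "examplelib before 2.0.3 mishandles untrusted input."},
        {"specs": [">=3.0,<3.1.2"], "cve": "EXAMPLE-0002",
         "advisory": "examplelib 3.0.x before 3.1.2 is affected."},
    ],
}

# Constructed requirements file contents (comments, blanks and unpinned
# lines are skipped, as a real requirements parser would have to do).
SAMPLE_REQUIREMENTS = """\
# pinned dependencies
examplelib==2.0.1
otherlib==1.4.0   # not in the database
examplelib==3.1.2
"""


def parse_version(text):
    """Turn '2.0.1' into (2, 0, 1); a non-numeric tail such as 'rc1' is dropped."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_matches(version, spec):
    """True if the version tuple satisfies every clause of a spec like '>=3.0,<3.1.2'."""
    for clause in spec.split(","):
        m = re.match(r"\s*(<=|>=|==|<|>)\s*([0-9][0-9A-Za-z.]*)", clause)
        if not m:
            raise ValueError(f"unsupported spec clause: {clause!r}")
        op, target = m.group(1), parse_version(m.group(2))
        # Pad to equal length so that 2.0 compares as 2.0.0.
        width = max(len(version), len(target))
        v = version + (0,) * (width - len(version))
        t = target + (0,) * (width - len(target))
        ok = {"<": v < t, "<=": v <= t, "==": v == t, ">": v > t, ">=": v >= t}[op]
        if not ok:
            return False
    return True


def parse_requirements(text):
    """Yield (name, version) for '==' pins; comments, blanks and unpinned lines are ignored."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.]*)", line)
        if m:
            yield m.group(1).lower(), m.group(2)


def scan_requirements(text, db):
    """Return (package, version, cve) for every pin that falls inside a vulnerable range."""
    findings = []
    for name, version in parse_requirements(text):
        for entry in db.get(name, []):
            if any(version_matches(parse_version(version), s) for s in entry["specs"]):
                findings.append((name, version, entry["cve"]))
    return findings


if __name__ == "__main__":
    for pkg, ver, cve in scan_requirements(SAMPLE_REQUIREMENTS, SAMPLE_DB):
        print(f"{pkg}=={ver}: {cve}")
```

Run against the constructed input, the 2.0.1 pin is reported because it sits below the 2.0.3 fix boundary, while 3.1.2 is clean because the second range is half-open and excludes the fixed release. The same boundary handling is what you want to sanity-check in any scanner: a pin equal to the fixed version must not be flagged, and a pin one patch below it must.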
PARAMETERS
scan
Scan a Python project for dependency vulnerabilities and malicious packages
check
Check Python dependencies for known security vulnerabilities
-r, --requirements FILE
Path to the requirements file to check
--output FORMAT
Output format: text, json, sbom, or html
--full-report
Display the full vulnerability report with remediation details
--key APIKEY
Use a Safety API key for access to the full vulnerability database
--help
Display help information
CAVEATS
The free version uses a vulnerability database updated monthly; the full database, with roughly three times as many vulnerabilities, requires a paid subscription. Safety CLI 3 requires Python 3.9 or higher; older Python versions must use the Docker image. In Safety CLI 3, scan is the recommended command and check is retained for compatibility with existing scripts.
HISTORY
Safety was developed by PyUp.io as an open-source tool to improve Python supply chain security. The project maintains Safety DB, one of the most comprehensive Python vulnerability databases. Version 3.0 introduced expanded scanning capabilities and SBOM support.