Introducing Safety CLI 3: Vulnerability Scanning for Secure Python Development
We're thrilled to announce the release of Safety CLI 3, our most ambitious and extensive update to date, and a leap forward in our commitment to software supply chain security. With pioneering new features, Safety CLI 3 enables the secure use of Python dependencies, from development to deployment.
With the advent of GenAI, there has never been a more exciting time in Open Source. Safety CLI 3 builds on the foundations set in Safety CLI 2, leveraging the industry’s most comprehensive vulnerability database for Python in a lightweight platform that’s easy to deploy to teams of all sizes. We have entirely re-engineered Safety CLI 3 with three key objectives:
- Secure by Default: Make it easier than ever for developers to follow security best practices and leverage open source software without disrupting existing workflows.
- Comprehensive Security Across Programming Ecosystems: Provide comprehensive coverage for customers in all industries and of all sizes by enabling the support of languages beyond Python (JavaScript, Java, and .NET) and expansion of our best-in-class data to include EPSS exploitability data, project context, and more.
- Shift-Left Security: Enable teams to identify and remediate vulnerabilities before they reach CI/CD, providing Enterprise-grade security at every stage of development.
Available Now: Safety CLI 3 on PyPI
Starting today, Safety CLI 3 is available for download on PyPI. The release introduces a suite of features to enhance the security of your development cycle:
- Improved Scanning Capabilities using the new safety scan command. Scan project directories for all Python dependencies, with native support for Poetry files, Pipenv files, and Python virtual environment folders.
- Enhanced CLI output for clarity and actionable insights.
- Comprehensive system-wide scanning across development environments and machines, not just isolated repositories.
- Automatic fix applications, reducing manual effort.
- Simplified user authentication, enhancing both usability and security.
- New output formats, including SBOM, JSON, and HTML, for easier integration with the other tools in your workflow.
End-to-End Vulnerability Detection and Remediation
Our goal is to enable the secure use of open-source software by empowering data scientists, AI/ML engineers, FinTech teams, and Python developers in every industry to easily detect and remediate vulnerabilities and malicious packages at every stage of the software development lifecycle.
Safety CLI 3 now has the option to scan for vulnerabilities across all Python installations on a development machine, not just within specific project repositories. This system-wide approach ensures that potential security issues are identified and remediated early in the development process, "shifting security left" and minimizing the risk of vulnerabilities making it to production.
“Safety CLI 3 makes it easier than ever for developers to follow security best practices without disrupting their workflow.”
We’ve built Safety CLI 3 to allow teams to develop securely without disrupting workflow. To do so, we’ve streamlined the installation process and removed the need for API keys for local scans to lower the barriers for developers to adopt best practices in security.
Enterprise-Ready Security Solutions
We understand the need for scalable security solutions in large organizations. Safety CLI 3 is equipped with SAML-based user provisioning and authentication, making enterprise deployment effortless. For those seeking an alternative to heavy-weight tools like Anaconda and BlackDuck, Safety CLI 3 offers a lightweight yet robust solution with far less overhead to maintain.
In our continuous effort to enhance Safety CLI, we're extending our scanning capabilities to additional programming languages. Stay tuned as we roll out support for JavaScript later this month, with further plans to include Java, .NET, and more.
A Vulnerability Database That Sets Us Apart
Safety CLI 3 is underpinned by Safety DB, the industry’s most comprehensive vulnerability database for Python.
Safety already tracks 3.5x more vulnerabilities and malicious packages than anyone else, and with Safety CLI 3 we're expanding our coverage to include EPSS exploitability data and project-specific context. By doing so, we will enable developers to prioritize security findings with precision, reduce vulnerability noise, and focus on building great software.
Improved CLI Output with SBOM, JSON, and HTML Support
Whether performing scans in a single project directory or across an entire machine, Safety now provides clearer output, with detailed recommendations for vulnerability remediation.
Safety CLI 3 introduces new output formats - HTML, SBOM, and improved JSON - enabling customers to integrate the output from Safety scans into other tools that form part of their workflow.
Applying Fixes is Easier Than Ever
Applying fixes to security findings is more intuitive than ever. With the --apply-fixes argument, Safety CLI 3 can automatically update requirements files to pin secure versions of dependencies where a fixed version exists, guided by your project's policy settings. Because the option rewrites your requirements files, review the resulting diff and run your test suite before committing the change.
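As an added illustration of what an option like --apply-fixes has to do, the Python below rewrites pinned entries in a requirements file to the lowest version that clears every applicable advisory. This is example code written for this page, not Safety CLI's own implementation, and it does not use Safety DB: the advisory table, the EX-000x identifiers, the sample requirements.txt and the "ignore" policy are all constructed for the example.

```python
"""Illustrative requirements-file remediation (added example, not Safety CLI code)."""
import re
from typing import NamedTuple


class Advisory(NamedTuple):
    id: str          # hypothetical identifier, constructed for this example
    package: str     # normalized (lower-case, hyphenated) distribution name
    introduced: str  # first affected version, inclusive
    fixed: str       # first fixed version, exclusive upper bound of the range


# Constructed advisory table for the example; NOT data from Safety DB.
ADVISORIES = [
    Advisory("EX-0001", "requests", "0", "2.31.0"),
    Advisory("EX-0002", "pyyaml", "5.1", "5.4"),
    Advisory("EX-0003", "pyyaml", "5.4", "6.0.1"),
]

# Only plain numeric pins (name==1.2.3, optional trailing comment) are rewritten.
# Ranges such as flask>=2.0, editable installs and -r includes pass through untouched.
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*(#.*)?$"
)


def version_key(version: str) -> tuple:
    """Comparable key for dotted numeric versions; trailing zeros are dropped so 2.31 == 2.31.0."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def normalize(name: str) -> str:
    """PyYAML, pyyaml and PyYaml all refer to the same distribution."""
    return name.lower().replace("_", "-")


def affected_by(name, version, advisories=ADVISORIES, ignore=frozenset()):
    """Advisories whose [introduced, fixed) range contains `version`, minus policy-ignored IDs."""
    key = version_key(version)
    pkg = normalize(name)
    return [
        a for a in advisories
        if a.package == pkg
        and a.id not in ignore
        and version_key(a.introduced) <= key < version_key(a.fixed)
    ]


def remediate(requirements, advisories=ADVISORIES, ignore=frozenset()):
    """Return (new_text, changes); each change is (name, old_version, new_version, advisory_ids)."""
    out, changes = [], []
    for line in requirements.splitlines():
        m = PIN_RE.match(line)
        if not m:
            out.append(line)  # comment, blank line, unpinned spec or include: leave as-is
            continue
        name, current, comment = m.group(1), m.group(2), m.group(3)
        target, ids = current, []
        # The first fixed version may itself fall inside another advisory's range,
        # so keep bumping until no advisory applies. Each step moves strictly
        # upward (fixed > target for every hit), so the loop terminates.
        while True:
            hits = affected_by(name, target, advisories, ignore)
            if not hits:
                break
            ids.extend(a.id for a in hits)
            target = max((a.fixed for a in hits), key=version_key)
        if target == current:
            out.append(line)
            continue
        out.append(f"{name}=={target}" + (f"  {comment}" if comment else ""))
        changes.append((name, current, target, ids))
    return "\n".join(out) + "\n", changes


# Constructed sample requirements.txt for the example.
REQUIREMENTS = """\
# constructed sample requirements.txt
requests==2.30.0  # http client
PyYAML==5.3.1
flask>=2.0  # unpinned range, left for the developer to resolve
-r base.txt
"""

if __name__ == "__main__":
    text, changed = remediate(REQUIREMENTS)
    print(text)
    for name, old, new, ids in changed:
        print(f"{name}: {old} -> {new} ({', '.join(ids)})")
```

Running the block bumps requests to 2.31.0 and PyYAML to 6.0.1; the PyYAML case needs two steps because the first fix (5.4) sits at the start of the constructed EX-0003 range. Passing `ignore={"EX-0003"}` stands in for a policy setting that suppresses that finding, and the same pin then stops at 5.4. Unpinned specs and includes are reported unchanged rather than guessed at, which is the behaviour a reviewer wants from any automated fixer.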
Authentication and Distribution
All Safety users must now create an account and authenticate before running scans. This lets us centrally manage and configure team policies, link scans to specific projects, and provide a full audit log of all scans.
Safety CLI 3 also introduces SAML-based authentication, providing Enterprise customers with an easier way to manage users and licenses without manually distributing API keys. Safety CLI 3 continues to support API keys in CI/CD and production scans.
Safety CLI 3 Quick Start
To access the new features of Safety CLI 3, follow our Quick Start Guide for detailed setup and authentication instructions. For those migrating from Safety 2.x, please refer to our migration documentation. For CI/CD integration, our Documentation Hub provides comprehensive guidance, including access to our new GitHub Action.
Full release notes and detailed documentation are available in our Documentation Hub.
Up Next: Safety Platform Dashboards to Minimize Vulnerability Noise
In the coming weeks, we will begin rolling out new dashboards as part of Safety Platform to provide insights into security findings, reduce vulnerability noise, and manage organization policies.
When any user in your team runs a safety scan or safety system-scan, results are sent to Safety Platform, where they are visible to the user who ran the scan and anyone with access to the project.
If you have any questions or feedback or would like to speak to a member of our team about using Safety in your team, please reach out to us at [email protected].
The Safety Cybersecurity Team