Introducing Safety CLI 3: Vulnerability Scanning for Secure Python Development

January 17, 2024
Safety CLI 3 is Now Available! Learn how our most extensive update to the Safety dependency vulnerability scanner enables secure development in Python.

We're thrilled to announce the release of Safety CLI 3, our most ambitious and extensive update to date, and a leap forward in our commitment to software supply chain security. With pioneering new features, Safety CLI 3 enables the secure use of Python dependencies, from development to deployment.

With the advent of GenAI, there has never been a more exciting time in Open Source. Safety CLI 3 builds on the foundations set in Safety CLI 2, leveraging the industry’s most comprehensive vulnerability database for Python in a lightweight platform that’s easy to deploy to teams of all sizes. We have entirely re-engineered Safety CLI 3 with three key objectives: 

  1. Secure by Default: Make it easier than ever for developers to follow security best practices and leverage open source software without disrupting existing workflows.
  2. Comprehensive Security Across Programming Ecosystems: Provide comprehensive coverage for customers in all industries and of all sizes by enabling the support of languages beyond Python (JavaScript, Java, and .NET) and expansion of our best-in-class data to include EPSS exploitability data, project context, and more. 
  3. Shift-Left Security: Enable teams to identify and remediate vulnerabilities before they reach CI/CD, providing Enterprise-grade security at every stage of development. 

Available Now: Safety CLI 3 on PyPI

Starting today, Safety CLI 3 is available for download on PyPI. The release introduces a suite of features to enhance the security of your development cycle:

  • Improved Scanning Capabilities using the new safety scan command. Scan project directories for all Python dependencies, with native support for Poetry files, Pipenv files, and Python virtual environment folders.
  • Enhanced CLI output for clarity and actionable insights.
  • Comprehensive system-wide scanning across development environments and machines, not just isolated repositories.
  • Automatic fix applications, reducing manual effort.
  • Simplified user authentication, enhancing both usability and security.
  • Improved output formats, including SBOM, JSON, and HTML, for improved integration.
Screenshot of Safety CLI 3 scan output.

End-to-End Vulnerability Detection and Remediation

Our goal is to enable the secure use of open-source software by empowering data scientists, AI/ML engineers, FinTech teams, and Python developers in every industry to easily detect and remediate vulnerabilities and malicious packages at every stage of the software development lifecycle.

Safety CLI 3 now has the option to scan for vulnerabilities across all Python installations on a development machine, not just within specific project repositories. This system-wide approach also covers interpreters, virtual environments and globally installed tooling that no single repository scan would reach, so potential security issues are identified and remediated early in the development process, "shifting security left" and minimizing the risk of vulnerabilities making it to production.

“Safety CLI 3 makes it easier than ever for developers to follow security best practices without disrupting their workflow.”

We’ve built Safety CLI 3 to allow teams to develop securely without disrupting workflow. To do so, we’ve streamlined the installation process and removed the need for API keys for local scans to lower the barriers for developers to adopt best practices in security.

Enterprise-Ready Security Solutions

We understand the need for scalable security solutions in large organizations. Safety CLI 3 is equipped with SAML-based user provisioning and authentication, making enterprise deployment effortless. For those seeking an alternative to heavy-weight tools like Anaconda and BlackDuck, Safety CLI 3 offers a lightweight yet robust solution with far less overhead to maintain. 

In our continuous effort to enhance Safety CLI, we're extending our scanning capabilities to additional programming languages. Stay tuned as we roll out support for JavaScript later this month, with further plans to include Java, .NET, and more. 

A Vulnerability Database That Sets Us Apart

Safety CLI 3 is underpinned by Safety DB, the industry’s most comprehensive vulnerability database for Python.

Safety already tracks 3.5x more vulnerabilities and malicious packages than anyone else, and with Safety CLI 3 we're expanding our coverage to include EPSS exploitability data and project-specific context. By doing so, we will enable developers to prioritize security findings with precision, reduce vulnerability noise, and focus on building great software.

Improved CLI Output with SBOM, JSON, and HTML Support

Whether performing scans in a single project directory or across an entire machine, Safety now provides clearer output, with detailed recommendations for vulnerability remediation.

Safety CLI 3 introduces new output formats - HTML, SBOM, and improved JSON - enabling customers to integrate the output from Safety scans into other tools that form part of their workflow.

Screenshot of Safety CLI 3 output in the Terminal showing clearer output and improved recommendations.

Applying Fixes is Easier Than Ever

Applying fixes to security findings is more intuitive than ever. With the --apply-fixes argument, Safety CLI 3 can automatically update requirements files to include secure versions of dependencies where available, guided by your project's policy settings. Treat the rewritten file as a change to review like any other: reinstall from it and run your test suite, since a bumped version can carry breaking changes.
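To make concrete what an apply-fixes step has to do to a requirements file, here is an added example (not Safety's own code) that rewrites vulnerable exact pins from a constructed findings table. The package names, version ranges and the SAMPLE_REQUIREMENTS file are hypothetical. It rewrites only exact == pins, preserves extras, environment markers and trailing comments, and reports ranges or unpinned names that match a finding for manual review rather than guessing a constraint.

```python
"""Rewrite vulnerable exact pins in a requirements file.

Added illustration of what an "apply fixes" step does; it is not Safety's
own implementation.  Findings are a constructed table mapping a package to
its affected version range and the first fixed version.  Only exact '=='
pins are rewritten; ranges and unpinned names that match a finding are
reported for manual review, because bumping them safely needs a resolver.
"""
import re

# Constructed sample findings (hypothetical versions, for illustration only):
# name -> affected [lower, upper) range and the first version carrying the fix.
FINDINGS = {
    "requests": {"affected": ("0", "2.31.0"), "fixed": "2.31.0"},
    "cryptography": {"affected": ("0", "41.0.6"), "fixed": "41.0.6"},
    "pillow": {"affected": ("0", "10.2.0"), "fixed": "10.2.0"},
}

# One exact-pin requirement line: name, optional extras, '==', numeric version,
# then whatever follows (environment markers, trailing comment).
REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"
    r"(?P<extras>\[[^\]]*\])?"
    r"\s*==\s*(?P<version>[0-9]+(?:\.[0-9]+)*)"
    r"(?P<rest>.*)$"
)


def _norm(name: str) -> str:
    """PEP 503 name normalisation so 'Pillow' and 'pillow' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _vkey(version: str) -> tuple:
    """Numeric dotted versions only; pre-release pins never match REQ_LINE."""
    return tuple(int(part) for part in version.split("."))


def _is_affected(version: str, affected: tuple) -> bool:
    lower, upper = affected
    return _vkey(lower) <= _vkey(version) < _vkey(upper)


def apply_fixes(requirements: str, findings=FINDINGS):
    """Return (rewritten text, list of (name, old, new), unresolved lines)."""
    by_name = {_norm(k): v for k, v in findings.items()}
    out, changes, unresolved = [], [], []
    for line in requirements.splitlines():
        stripped = line.strip()
        # Blank lines, comments and pip options (-r, -e, --index-url) pass through.
        if not stripped or stripped.startswith(("#", "-")):
            out.append(line)
            continue
        m = REQ_LINE.match(stripped)
        if not m:
            # Range, bare name or pre-release pin: flag it if a finding exists.
            name = re.split(r"[\[\s<>=!~;]", stripped, maxsplit=1)[0]
            if _norm(name) in by_name:
                unresolved.append(stripped)
            out.append(line)
            continue
        finding = by_name.get(_norm(m["name"]))
        if finding and _is_affected(m["version"], finding["affected"]):
            fixed = finding["fixed"]
            out.append(f"{m['name']}{m['extras'] or ''}=={fixed}{m['rest']}")
            changes.append((m["name"], m["version"], fixed))
        else:
            out.append(line)
    return "\n".join(out) + "\n", changes, unresolved


# Constructed sample requirements.txt, covering each case the function handles.
SAMPLE_REQUIREMENTS = """\
# constructed sample
-r base.txt
requests[socks]==2.28.1  # affected and pinned: rewritten
cryptography==41.0.7     # already at or past the fix: untouched
PyYAML==6.0.1            # no finding: untouched
urllib3>=1.26            # no finding: untouched
Pillow>=9.0              # finding exists but not an exact pin: reported
"""

if __name__ == "__main__":
    text, changes, unresolved = apply_fixes(SAMPLE_REQUIREMENTS)
    print(text)
    print("changed:", changes)
    print("needs manual review:", unresolved)
```

Whatever tool rewrites the file, the result is a dependency change: reinstall from the updated file, run the test suite, and regenerate any lockfile (Poetry, Pipenv) that is derived from it, since a rewritten requirements file alone does not change what a lockfile installs.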

Screenshot illustrating that Safety CLI 3 can automatically apply fixes to requirements files.

Authentication and Distribution

All Safety users now need an account and must authenticate before running scans. In doing so, we facilitate the central management and configuration of team policies, linking scans to specific projects and providing a full audit log of all scans.

Safety CLI 3 also introduces SAML-based authentication, providing Enterprise customers with an easier way to manage users and licenses without manually distributing API keys. Safety CLI 3 continues to support API keys in CI/CD and production scans.

Safety CLI 3 Quick Start

To access the new features of Safety CLI 3, follow our Quick Start Guide for detailed setup and authentication instructions. For those migrating from Safety 2.x, please refer to our migration documentation. For CI/CD integration, our Documentation Hub provides comprehensive guidance, including access to our new GitHub Action.

Full release notes and detailed documentation are available in our Documentation Hub.

Up Next: Safety Platform Dashboards to Minimize Vulnerability Noise

In the coming weeks, we will begin rolling out new dashboards as part of Safety Platform to provide insights into security findings, reduce vulnerability noise, and manage organization policies.

When any user in your team runs a safety scan or safety system-scan, results are sent to Safety Platform, where they are visible to the user who ran the scan and to anyone with access to the project. Note that this includes system-wide scans, so findings from every Python environment on that machine, not only from a single project, are uploaded.

If you have any questions or feedback or would like to speak to a member of our team about using Safety in your team, please reach out to us at [email protected].

The Safety Cybersecurity Team
