
Welcome to Safety: End-to-End Software Supply Chain Security

July 28, 2023
PyUp is now Safety Cybersecurity! Read about our rebrand and how Safety delivers end-to-end software supply chain security.

We are thrilled to announce that PyUp Cybersecurity is now Safety Cybersecurity. Over the past five years, PyUp has helped millions of developers leverage open-source Python dependencies securely thanks to our industry-leading vulnerability database and our open source Safety scanner, which detects vulnerabilities and malicious Python packages.

As Safety Cybersecurity, we are excited to announce that we will expand these capabilities to the JavaScript, Java, .NET, Go, and Ruby ecosystems, providing the same comprehensive vulnerability data and actionable security intelligence across all of them. Additionally, Safety will focus on two key security areas: reducing vulnerability noise for our customers, and extending our security tools to protect development machines and environments, which are increasingly targeted through typosquatting and other malicious packages.

Beyond Python

This year will see significant expansion of our team and of the services we offer to our customers. Perhaps most excitingly, as Safety, we will expand beyond Python and deliver the same comprehensive vulnerability data and security scanning to the JavaScript, Java, .NET, Go, and Ruby ecosystems.

Safety CLI is already recognized and trusted by millions of developers in the Python open-source community who run our scanner every day. We wish to take that name, and the trust and recognition that go with it, forward with us into these new ecosystems and positively impact those communities in the same way.

Developer First

Our new logo features a bold wordmark with a blue chevron, paying homage to the "safety" commands entered by millions of developers in the Python community. Safety integrates with existing developer workflows, so that security is built in from the start and action can be taken earlier in the software development lifecycle.

Reducing Vulnerability Noise

Vulnerability noise is one of the biggest challenges facing DevSecOps teams today. By taking a developer-first approach, securing the use of open-source dependencies earlier in the process, and assessing and presenting findings in the context of the work being performed, Safety eliminates 90% of the noise generated by other tools.

Safety Platform's dashboards give contextual, actionable security insights.

The bold shield icon in our new logo symbolizes the security we provide our customers and the confidence they gain in using open-source software. The pixelated top half of the shield represents both the complexity and volume of dependencies required when building software and the vulnerability noise that exists without Safety (excessive alerts, inaccurate findings, false positives, false negatives, etc.). The solid bottom half of the shield conveys the order, reduced vulnerability noise, and simplicity delivered by Safety.

End-to-End Software Development Lifecycle Security

The ring embodies the end-to-end, cyclical, and ongoing nature of the security and confidence we provide. What is considered safe today may not be tomorrow. Safety supplies up-to-date vulnerability data, alerting teams to new risks and attack vectors as they emerge.

What does this mean for existing customers?

Continuing our industry-leading Python security

We are immensely grateful for the Python community's engagement over the past five years and remain committed to maintaining the industry's leading vulnerability database for Python developers. If you are interested in extending the use of Safety to other languages in your organization, we'd love to hear from you.

Shifting Security Left

Our mission remains the same: to enable the secure use of open-source software by detecting and preventing the use of vulnerable and malicious packages at every stage of the software development lifecycle.

Safety’s shift-left approach includes preventative supply chain security and central policy management, supported by a vulnerability and package data engine that employs ML to analyze security vulnerability indicators.

As Safety, our software supply chain security suite will consist of:

  • Safety CLI: a versatile end-to-end security scanner for development machines, CI/CD pipelines, and production systems that detects vulnerable and malicious packages. Safety CLI recommends fixes for vulnerabilities as they are detected, backed by industry-leading vulnerability data.
  • Safety Platform: a comprehensive threat analysis and management system with central policy management, web-based dashboards, and seamless authentication, deployable as a cloud service or on-premise for enterprise customers. Safety Platform significantly reduces security noise by combining high-value data sources and assessing findings in the context of the work being performed. Developers and DevSecOps teams can focus on the most crucial findings, prioritized through a combination of measures including severity, package health, reachability, and exploitability.
  • Safety VulnDB: scanning for vulnerabilities is only effective if you know which vulnerabilities to look for. Safety VulnDB is the most comprehensive open-source software supply chain threat database available, tracking 3x the number of vulnerabilities and malicious packages compared to any other source. Covering several major programming languages and ecosystems, Safety VulnDB is built by a dedicated Cybersecurity Intelligence team supported by ML systems trained to find undisclosed or unknown vulnerabilities.
  • Safety Gateway: a virtual package repository proxy that blocks malicious or vulnerable packages before they are installed, including on developer machines. Safety Gateway prevents such packages from entering your development systems and protects your organization from known threats, typosquatting attacks, and other novel attack vectors.

The Future of Software Supply Chain Security

As Safety, we are taking the opportunity to deliver end-to-end software supply chain security to the Python, JavaScript, Java, .NET, Go, and Ruby ecosystems. Our new Safety Platform will provide developers and DevSecOps teams with actionable security intelligence, significantly reducing vulnerability noise and enabling them to define and apply organization-wide policies. Safety VulnDB will include the most comprehensive vulnerability data available; Safety Gateway will prevent the installation of packages with known vulnerabilities or malicious code; and Safety CLI will enable scanning and protection at every stage of the software development lifecycle.

We’re excited to embark on this new chapter with you. Welcome to Safety!

To learn more about Safety or to speak to one of our team, please email info@safetycli.com.
