Welcome to Safety: End-to-End Software Supply Chain Security
July 28, 2023
5 min read
PyUp is now Safety Cybersecurity! Read about our rebrand and how Safety delivers end-to-end software supply chain security.
We are thrilled to announce that PyUp Cybersecurity is now Safety Cybersecurity. Over the past five years, PyUp has helped millions of developers use open-source Python dependencies securely, thanks to our industry-leading vulnerability database and our open-source Safety scanner, which detects vulnerable and malicious Python packages.
Safety CLI is already recognized and trusted by millions of developers in the Python open-source community who use it every day. We want to take that name, and the trust and recognition that go with it, forward with us into new language ecosystems and have the same positive impact on those communities.
Our new logo features a bold wordmark with a blue chevron, paying homage to the “safety” commands entered by millions of developers in the Python community. Safety integrates with the workflows developers already use, so security is built in and action can be taken earlier in the software development lifecycle.
Reducing Vulnerability Noise
Vulnerability noise is one of the biggest challenges to DevSecOps teams today. By taking a developer-first approach, securing the use of open-source dependencies earlier in the process, and assessing and presenting findings in the context of the work being performed, Safety eliminates 90% of the noise generated in other tools.
The bold shield icon in our new logo symbolizes the security we provide our customers and the confidence they gain in using open-source software. The pixelated top half of the shield represents both the complexity and volume of dependencies required when building software and the vulnerability noise that exists without Safety (excessive alerts, inaccurate findings, false positives, false negatives, etc.). The solid bottom half of the shield conveys the order, reduced vulnerability noise, and simplicity delivered by Safety.
End-to-End Software Development Lifecycle Security
The ring embodies the end-to-end, cyclical, and ongoing nature of the security and confidence we provide. What is considered safe today may not be tomorrow. Safety supplies up-to-date vulnerability data, alerting teams to new risks and attack vectors as they emerge.
What does this mean for existing customers?
Continuing our industry-leading Python security
We are immensely grateful for the Python community's engagement over the past five years and remain committed to maintaining the industry’s leading vulnerability database for Python developers. If you are interested in extending the use of Safety to other languages in your organization, we’d love to hear from you.
Shifting Security Left
Our mission remains the same: to enable the secure use of open-source software by detecting and preventing the use of vulnerable and malicious packages at all stages in the software development lifecycle.
Safety’s shift-left approach includes preventative supply chain security and central policy management, supported by a vulnerability and package data engine that employs ML to analyze security vulnerability indicators.
As Safety, our software supply chain security suite will consist of:
Safety CLI: a versatile end-to-end security scanner for development machines, CI/CD pipelines, and production systems that detects vulnerable and malicious packages. Safety CLI recommends fixes for vulnerabilities as they are detected, backed by industry-leading vulnerability data.
Safety Platform: A comprehensive threat analysis and management system with central policy management, web-based dashboards, and seamless authentication, deployable as a cloud service or on-premise for enterprise customers. Safety Platform significantly reduces security noise by combining high-value data sources and assessing findings in the context of the work being performed. Developers and DevSecOps teams can focus on the most crucial findings, prioritized by a combination of measures including severity, package health, reachability, and exploitability.
Safety DB: Scanning for vulnerabilities is only effective if you know which vulnerabilities to look for. Safety VulnDB is the most comprehensive open-source software supply chain threat database available, tracking 3x the number of vulnerabilities and malicious packages compared to any other source. Covering several major programming languages and ecosystems, Safety VulnDB is built by a dedicated Cybersecurity Intelligence team together with ML systems trained to find undisclosed or unknown vulnerabilities.
Safety Gateway: Prevent malicious or vulnerable packages from entering your development systems and protect your organization from known threats, typosquatting attacks, and other novel attack vectors. Safety Gateway is a virtual package repository proxy that blocks malicious or vulnerable packages, including on developer machines, before they are installed.
The Future of Software Supply Chain Security
We’re excited to embark on this new chapter with you. Welcome to Safety!
To learn more about Safety or to speak to one of our team, please email firstname.lastname@example.org.