Check Python Dependencies Vulnerabilities using Safety Package


In software development, ensuring the security of applications is important. One critical aspect of application security is checking for vulnerabilities in the third-party libraries and dependencies we use in our Python projects. Fortunately, there are powerful tools available to help us identify and address potential security issues. One such tool is the Safety package, which provides a simple and efficient way to check for known vulnerabilities in Python dependencies. This tutorial explains how to check Python dependencies for vulnerabilities using the Safety package.

Before we can start utilizing the Safety package, we need to ensure that it is installed in the Python environment. We can install it by running the following command using pip:

pip install safety

To check the currently selected Python environment for dependencies with known security vulnerabilities, run:

safety check

Here's an example output when no security vulnerabilities are found:

  Safety v2.3.5 is scanning for Vulnerabilities...
  Scanning dependencies in your environment:

  -> /home/user/workspace/python/misc/venv/lib/python3.10/site-packages

  Using non-commercial database
  Found and scanned 36 packages
  Timestamp 2023-06-25 09:05:19
  0 vulnerabilities found
  0 vulnerabilities ignored
+===========================================================================+

 No known security vulnerabilities found. 

+===========================================================================+

Here's an example output when security vulnerabilities were found during the check:

  Safety v2.3.5 is scanning for Vulnerabilities...
  Scanning dependencies in your environment:

  -> /home/user/workspace/python/misc/venv/lib/python3.10/site-packages

  Using non-commercial database
  Found and scanned 36 packages
  Timestamp 2023-06-25 09:04:06
  1 vulnerability found
  0 vulnerabilities ignored

+===========================================================================+
 VULNERABILITIES FOUND 
+===========================================================================+

-> Vulnerability found in requests version 2.30.0
   Vulnerability ID: 58755
   Affected spec: >=2.3.0,<2.31.0
...
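To act on a report like the one above, the added example below (not part of the Safety package or of the original tutorial) parses the finding lines, confirms that the installed version falls inside the "Affected spec", and lets you test whether a candidate upgrade falls outside it. The names `review`, `is_affected` and `SAMPLE_REPORT` are hypothetical, the sample report is constructed from the lines shown above, and the version comparison assumes plain dotted release numbers; for full PEP 440 handling use `packaging.specifiers.SpecifierSet` instead.

```python
import operator
import re

# Constructed sample: lines in the format of the `safety check` report above.
SAMPLE_REPORT = """\
  Found and scanned 36 packages
  1 vulnerability found
  0 vulnerabilities ignored

-> Vulnerability found in requests version 2.30.0
   Vulnerability ID: 58755
   Affected spec: >=2.3.0,<2.31.0
"""

FINDING = re.compile(
    r"-> Vulnerability found in (?P<name>\S+) version (?P<version>\S+)\s+"
    r"Vulnerability ID: (?P<id>\d+)\s+"
    r"Affected spec: (?P<spec>.+)")
SUMMARY = re.compile(r"^\s*(\d+) vulnerabilit(?:y|ies) found\s*$", re.M)
OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, ">": operator.gt, "<": operator.lt}

def _key(version):
    # Assumption: plain dotted release numbers; anything else raises ValueError.
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # so that 2.31 and 2.31.0 compare equal
    return tuple(parts)

def is_affected(version, spec):
    """True if version satisfies every comma-separated clause of spec."""
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|!=|>|<)\s*([\d.]+)\s*", clause)
        if m is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not OPS[m.group(1)](_key(version), _key(m.group(2))):
            return False
    return True

def review(report):
    """Parse findings; fail closed if they disagree with the summary count."""
    findings = [m.groupdict() for m in FINDING.finditer(report)]
    total = SUMMARY.search(report)
    if total is None or int(total.group(1)) != len(findings):
        raise ValueError("parsed findings do not match the summary line")
    for f in findings:
        f["confirmed"] = is_affected(f["version"], f["spec"])
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_REPORT):
        print(f["name"], f["version"], f["id"], f["spec"], f["confirmed"])
```

Calling `is_affected("2.31.0", ">=2.3.0,<2.31.0")` returns `False`, which is how you would confirm that an upgrade target leaves the affected range before pinning it.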
