In software development, ensuring the security of applications is important. One critical aspect of application security is checking the third-party libraries and dependencies used in our Python projects for known vulnerabilities. Fortunately, there are powerful tools available to help us identify and address potential security issues. One such tool is the Safety package, which provides a simple and efficient way to check Python dependencies against a database of known vulnerabilities. This tutorial explains how to check Python dependencies for vulnerabilities using the Safety package.
Before we can start using the Safety package, we need to ensure that it is installed in the Python environment. We can install it with pip by running the following command:
pip install safety
To check the currently selected Python environment for dependencies with known security vulnerabilities, run:
safety check
Here's an example output when no security vulnerabilities are found:
Safety v2.3.5 is scanning for Vulnerabilities...
Scanning dependencies in your environment:
-> /home/user/workspace/python/misc/venv/lib/python3.10/site-packages
Using non-commercial database
Found and scanned 36 packages
Timestamp 2023-06-25 09:05:19
0 vulnerabilities found
0 vulnerabilities ignored
+===========================================================================+
No known security vulnerabilities found.
+===========================================================================+
Here's an example output when security vulnerabilities were found during the check:
Safety v2.3.5 is scanning for Vulnerabilities...
Scanning dependencies in your environment:
-> /home/user/workspace/python/misc/venv/lib/python3.10/site-packages
Using non-commercial database
Found and scanned 36 packages
Timestamp 2023-06-25 09:04:06
1 vulnerability found
0 vulnerabilities ignored
+===========================================================================+
VULNERABILITIES FOUND
+===========================================================================+
-> Vulnerability found in requests version 2.30.0
Vulnerability ID: 58755
Affected spec: >=2.3.0,<2.31.0
...
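As an added example (not code from the original post or from the Safety project), the following Python script parses the text report format shown above, re-checks each finding's installed version against its affected spec, and cross-checks the "N vulnerabilities found" summary line, which is handy when gating a CI job on the result. The sample report is constructed from the page's output, and the version comparison assumes plain numeric dotted versions.

```python
import re
# Constructed sample, shortened from the vulnerable-case report above.
SAMPLE_REPORT = """\
Safety v2.3.5 is scanning for Vulnerabilities...
1 vulnerability found
VULNERABILITIES FOUND
-> Vulnerability found in requests version 2.30.0
Vulnerability ID: 58755
Affected spec: >=2.3.0,<2.31.0
"""

FOUND_RE = re.compile(r"^-> Vulnerability found in (\S+) version (\S+)$")
ID_RE = re.compile(r"^Vulnerability ID: (\S+)$")
SPEC_RE = re.compile(r"^Affected spec: (\S+)$")
COUNT_RE = re.compile(r"^(\d+) vulnerabilit(?:y|ies) found$", re.M)
OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b, ">": lambda a, b: a > b,
       "<": lambda a, b: a < b, "==": lambda a, b: a == b, "!=": lambda a, b: a != b}

def vtuple(v):
    """'2.30.0' -> (2, 30, 0); numeric dotted versions only (an assumption)."""
    return tuple(int(p) for p in v.split("."))

def in_spec(version, spec):
    """True if version satisfies every comma-separated clause of spec, e.g. '>=2.3.0,<2.31.0'."""
    v = vtuple(version)
    for clause in spec.split(","):
        m = re.match(r"(>=|<=|==|!=|>|<)(.+)$", clause.strip())
        if not m or not OPS[m.group(1)](v, vtuple(m.group(2))):
            return False
    return True

def parse_report(text):
    """Collect each '-> Vulnerability found' block into a dict and re-check its spec."""
    findings, cur = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        if m := FOUND_RE.match(line):
            cur = {"package": m.group(1), "version": m.group(2)}
            findings.append(cur)
        elif cur and (m := ID_RE.match(line)):
            cur["id"] = m.group(1)
        elif cur and (m := SPEC_RE.match(line)):
            cur["spec"] = m.group(1)
            cur["affected"] = in_spec(cur["version"], cur["spec"])
    return findings

def reported_count(text):
    """The 'N vulnerabilities found' summary line, to cross-check the parsed list."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else 0
```

In a pipeline you would feed the captured `safety check` output to `parse_report` and fail the job when any finding has `affected` set or when `reported_count` is non-zero.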