Python dependency security vulnerability checker.

In an article before we talked about packages to test dependency security vulnerability for php, node and ROR packages. In this tutorial we are going to talk about python dependency security vulnerability checker which can be very useful for checking security loopholes in python projects which are listed by the open source community.

The package we are going to talk about is Safety. You can install it the same way you install normal packages for python using pip.

For installation

pip install safety

To check your all python packages installed on the system for security vulnerability just type

 
safety check

For checking you requirements file for vulnerability you can use

safety check -r requirements.txt

You can also pass the pip freeze result to it, just type

pip freeze | safety check

On typing this it will give the following results.

Python dependency security vulnerability checker

Suggested books for Python


This package check the list of your dependencies with National Vulnerability Database and also the change logs of different pip packages. This package make use of safety db.

This package return code 0 and 1 if fails so it is easy to pipe it with others if you want the answers in bool

Alternatively you can also use safety-cli. It will also check dependency for node packages and Ruby on Rails packages.

Safety-cli is in beta and you can use it for now the way shown below.

For installation type.

pip install safety-cli

Usage with different packages dependency files. Package.json for node, Gemfile for Ruby on rails and  requirements.txt for python

safety check -f package.json --key=gowivm9eZt
safety check -f Gemfile --key=gowivm9eZt
safety check -f requirements.txt --key=gowivm9eZt


The keys may change please visit their site https://safetydb.io/ for latest keys or info.

Dependency Checker:

This package is featured on OWASP and is not that easy to use. Follow the repository on github to use it.

If you found this article interesting, do share and let other know.


Gaurav Yadav

Gaurav is cloud infrastructure engineer and a full stack web developer and blogger. Sportsperson by heart and loves football. Scale is something he loves to work for and always keen to learn new tech. Experienced with CI/CD, distributed cloud infrastructure, build systems and lot of SRE Stuff.

1 COMMENT
  • What components a simple software project should have? - Learn Steps
    Reply

    […] Security Checker […]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.