In an earlier article we covered packages for checking PHP, Node and Ruby on Rails dependencies for known security vulnerabilities. In this tutorial we look at a Python dependency vulnerability checker, which is very useful for finding known security holes in the Python packages a project uses, as reported by the open source community.
The package is called Safety. You can install it the same way you install any other Python package, with pip.
For installation
pip install safety
To check all the Python packages installed on the system for known security vulnerabilities, just type
safety check
To check your requirements file for vulnerabilities, use
safety check -r requirements.txt
You can also pipe the output of pip freeze into it; just type
pip freeze | safety check
Running this gives results like the following.
This package checks your list of dependencies against the National Vulnerability Database and the change logs of the various pip packages. It makes use of Safety DB.
The command exits with return code 0 when no issues are found and 1 when the check fails, so it is easy to chain with other tools if you only need a yes/no answer.
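As an added example (not part of the original post), here is a small shell gate built on that exit code. It assumes `safety` is installed and on PATH; the SAFETY_CMD variable is a hypothetical override so the gate can be dry-run without the tool.

```shell
#!/bin/sh
# Added example, not from the original post: a dependency gate built on the
# exit code of `safety check`. Assumes `safety` is installed and on PATH;
# SAFETY_CMD (hypothetical, for dry runs) overrides the command that is run.

# check_deps FILE
#   Runs the vulnerability check against a requirements file.
#   Returns 0 when no known vulnerabilities are reported, 1 when safety
#   reports at least one, and 2 when the file does not exist.
check_deps() {
    req="$1"
    cmd="${SAFETY_CMD:-safety check -r}"   # default is the command from the article

    if [ ! -f "$req" ]; then
        echo "check_deps: requirements file not found: $req" >&2
        return 2
    fi

    # $cmd is left unquoted on purpose so "safety check -r" splits into words
    if $cmd "$req"; then
        echo "check_deps: no known vulnerabilities in $req"
        return 0
    fi
    echo "check_deps: vulnerable dependencies found in $req, failing the build" >&2
    return 1
}

# Run as a script: ./dep_gate.sh requirements.txt  (the exit status is the result)
if [ "$#" -gt 0 ]; then
    check_deps "$1"
fi
```

In a CI job the script's exit status alone is enough to fail the build, which is exactly the yes/no use the exit code is designed for.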
Alternatively you can use safety-cli, which also checks dependencies of Node packages and Ruby on Rails packages.
safety-cli is in beta; for now you can use it as shown below.
For installation, type
pip install safety-cli
Usage with the dependency files of the different ecosystems: package.json for Node, Gemfile for Ruby on Rails and requirements.txt for Python.
safety check -f package.json --key=gowivm9eZt
safety check -f Gemfile --key=gowivm9eZt
safety check -f requirements.txt --key=gowivm9eZt
The keys may change; visit their site https://safetydb.io/ for the latest keys and info.
This package is featured on OWASP but is not that easy to use; follow the repository on GitHub for instructions.
If you found this article interesting, share it and let others know.