Learn Steps

Python dependency security vulnerability checker.

In an article before we talked about packages to test dependency security vulnerability for php, node and ROR packages. In this tutorial we are going to talk about python dependency security vulnerability checker which can be very useful for checking security loopholes in python projects which are listed by the open source community.

The package we are going to talk about is Safety. You can install it the same way you install normal packages for python using pip.

For installation

pip install safety

To check your all python packages installed on the system for security vulnerability just type

 
safety check

For checking you requirements file for vulnerability you can use

safety check -r requirements.txt

You can also pass the pip freeze result to it, just type

pip freeze | safety check

On typing this it will give the following results.

Suggested books for Python

This package check the list of your dependencies with National Vulnerability Database and also the change logs of different pip packages. This package make use of safety db.

This package return code 0 and 1 if fails so it is easy to pipe it with others if you want the answers in bool

Alternatively you can also use safety-cli. It will also check dependency for node packages and Ruby on Rails packages.

Safety-cli is in beta and you can use it for now the way shown below.

For installation type.

pip install safety-cli

Usage with different packages dependency files. Package.json for node, Gemfile for Ruby on rails and  requirements.txt for python

safety check -f package.json --key=gowivm9eZt
safety check -f Gemfile --key=gowivm9eZt
safety check -f requirements.txt --key=gowivm9eZt


The keys may change please visit their site https://safetydb.io/ for latest keys or info.

Dependency Checker:

This package is featured on OWASP and is not that easy to use. Follow the repository on github to use it.

If you found this article interesting, do share and let other know.