Demo Notebook
dylanpulver committed Sep 5, 2024
1 parent 3909add commit de841ba
Showing 1 changed file with 79 additions and 55 deletions.
134 changes: 79 additions & 55 deletions docs/Safety-CLI-Quickstart.ipynb
@@ -1,5 +1,13 @@
{
"cells": [
{
"cell_type": "markdown",
"id": "f24e2363",
"metadata": {},
"source": [
"[![safety](https://cdn.safetycli.com/images/cli_readme_header.png)](https://docs.safetycli.com/)"
]
},
{
"cell_type": "markdown",
"id": "b4f4e8ff",
Expand All @@ -8,86 +16,102 @@
"# Safety CLI Quickstart Guide\n",
"\n",
"## Introduction\n",
"Safety is a tool for finding security vulnerabilities in your Python dependencies.\n",
"Safety CLI is a Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities and malicious packages in local development environments, CI/CD, and production systems. Safety CLI can be deployed in minutes and provides clear, actionable recommendations for remediation of detected vulnerabilities.\n",
"\n",
"Leveraging the industry's most comprehensive database of vulnerabilities and malicious packages, Safety CLI Scanner allows teams to detect vulnerabilities at every stage of the software development lifecycle.\n",
"\n",
"\n",
"## Installation\n",
"To install Safety, run the following command:\n"
"To install Safety, run the following command (please ignore the `%%capture` text, this is just to suppress jupyter notebook output):\n"
]
},
{
"cell_type": "code",
"execution_count": 1,
"execution_count": 4,
"id": "227ab8d1",
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Requirement already satisfied: safety in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (3.2.3)\n",
"Requirement already satisfied: setuptools>=65.5.1 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (70.2.0)\n",
"Requirement already satisfied: Click>=8.0.2 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (8.1.3)\n",
"Requirement already satisfied: urllib3>=1.26.5 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (2.2.1)\n",
"Requirement already satisfied: requests in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (2.31.0)\n",
"Requirement already satisfied: packaging>=21.0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (23.1)\n",
"Requirement already satisfied: dparse>=0.6.4b0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (0.6.4b0)\n",
"Requirement already satisfied: ruamel.yaml>=0.17.21 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (0.18.6)\n",
"Requirement already satisfied: jinja2>=3.1.0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (3.1.4)\n",
"Requirement already satisfied: marshmallow>=3.15.0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (3.21.3)\n",
"Requirement already satisfied: Authlib>=1.2.0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (1.3.1)\n",
"Requirement already satisfied: rich in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (13.7.1)\n",
"Requirement already satisfied: typer in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (0.12.3)\n",
"Requirement already satisfied: pydantic>=1.10.12 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (2.7.3)\n",
"Requirement already satisfied: safety-schemas>=0.0.2 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (0.0.2)\n",
"Requirement already satisfied: typing-extensions>=4.7.1 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from safety) (4.11.0)\n",
"Requirement already satisfied: cryptography in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from Authlib>=1.2.0->safety) (42.0.5)\n",
"Requirement already satisfied: MarkupSafe>=2.0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from jinja2>=3.1.0->safety) (2.1.5)\n",
"Requirement already satisfied: annotated-types>=0.4.0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from pydantic>=1.10.12->safety) (0.7.0)\n",
"Requirement already satisfied: pydantic-core==2.18.4 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from pydantic>=1.10.12->safety) (2.18.4)\n",
"Requirement already satisfied: ruamel.yaml.clib>=0.2.7 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from ruamel.yaml>=0.17.21->safety) (0.2.8)\n",
"Requirement already satisfied: charset-normalizer<4,>=2 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from requests->safety) (3.3.2)\n",
"Requirement already satisfied: idna<4,>=2.5 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from requests->safety) (3.6)\n",
"Requirement already satisfied: certifi>=2017.4.17 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from requests->safety) (2024.6.2)\n",
"Requirement already satisfied: markdown-it-py>=2.2.0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from rich->safety) (3.0.0)\n",
"Requirement already satisfied: pygments<3.0.0,>=2.13.0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from rich->safety) (2.18.0)\n",
"Requirement already satisfied: shellingham>=1.3.0 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from typer->safety) (1.5.4)\n",
"Requirement already satisfied: mdurl~=0.1 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from markdown-it-py>=2.2.0->rich->safety) (0.1.2)\n",
"Requirement already satisfied: cffi>=1.12 in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from cryptography->Authlib>=1.2.0->safety) (1.16.0)\n",
"Requirement already satisfied: pycparser in /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages (from cffi>=1.12->cryptography->Authlib>=1.2.0->safety) (2.21)\n",
"\n",
"\u001b[1m[\u001b[0m\u001b[34;49mnotice\u001b[0m\u001b[1;39;49m]\u001b[0m\u001b[39;49m A new release of pip is available: \u001b[0m\u001b[31;49m24.1.1\u001b[0m\u001b[39;49m -> \u001b[0m\u001b[32;49m24.2\u001b[0m\n",
"\u001b[1m[\u001b[0m\u001b[34;49mnotice\u001b[0m\u001b[1;39;49m]\u001b[0m\u001b[39;49m To update, run: \u001b[0m\u001b[32;49mpython3.11 -m pip install --upgrade pip\u001b[0m\n",
"Note: you may need to restart the kernel to use updated packages.\n"
]
}
],
"outputs": [],
"source": [
"pip install safety"
"%%capture\n",
"!pip install safety"
]
},
{
"cell_type": "code",
"execution_count": 3,
"id": "3f7a97fe",
"execution_count": 11,
"id": "8493f5de",
"metadata": {},
"outputs": [
{
"ename": "SyntaxError",
"evalue": "invalid syntax (3904809674.py, line 1)",
"output_type": "error",
"traceback": [
"\u001b[0;36m Cell \u001b[0;32mIn[3], line 1\u001b[0;36m\u001b[0m\n\u001b[0;31m safety scan\u001b[0m\n\u001b[0m ^\u001b[0m\n\u001b[0;31mSyntaxError\u001b[0m\u001b[0;31m:\u001b[0m invalid syntax\n"
"name": "stdout",
"output_type": "stream",
"text": [
"\u001b[1mSafety\u001b[0m 3.2.5 scanning /Users/dylanpulver/Repos/pyup/safety/docs\n",
"2024-09-05 21:34:45 UTC\n",
"\n",
"\u001b[1;39;49mAccount\u001b[0m: Dylan Pulver, [email protected] \n",
"\u001b[1;39;49m Git branch\u001b[0m: feature/demo-notebook\n",
"\u001b[1;39;49m Environment\u001b[0m: Stage.development\n",
"\u001b[1;39;49m Scan policy\u001b[0m: None, using Safety CLI default policies\n",
"\n",
"\u001b[2K\u001b[32m[ ]\u001b[0m Fetching Safety's vulnerability database.....\n",
"\u001b[1A\u001b[2K\u001b[?25lPython detected. Found 1 Python requirement file\n",
"\u001b[2K\u001b[32m[ ]\u001b[0m Scanning project directory\n",
"\u001b[2K\u001b[32m[== ]\u001b[0m Analyzing python files and environments for security findingsy findings\n",
"\u001b[2KDependency vulnerabilities detected:nd environments for security findings\n",
"\u001b[2Km[= ]\u001b[0m Analyzing python files and environments for security findings\n",
"\u001b[2K📝 \u001b[1;39;49mdemo_requirements.txt:\u001b[0menvironments for security findings\n",
"\u001b[2Km[= ]\u001b[0m Analyzing python files and environments for security findings\n",
"\u001b[2K \u001b[1;33;49minsecure-\u001b[0m\u001b[1;33;49mpackage\u001b[0m\u001b[1;36;49m==\u001b[0m\u001b[1;36;49m0.1\u001b[0m [1 vulnerability found] \n",
"\u001b[2K -> Vuln ID \u001b[1;39;49m58758\u001b[0m: \n",
"\u001b[2K Insecure-package 0.2.0 test vuln. \n",
"\u001b[2K No known fix for \u001b[1;33;49minsecure-\u001b[0m\u001b[1;33;49mpackage\u001b[0m\u001b[1;36;49m==\u001b[0m\u001b[1;36;49m0.1\u001b[0m to fix \u001b[1;36;49m1\u001b[0m vulnerability \n",
"\u001b[2K Learn more: \u001b[4;94;49mhttps://data.safetycli.com/p/pypi/insecure-package/eda/?\u001b[0m\u001b[4;94;49mfrom\u001b[0m\u001b[4;94;49m=\u001b[0m\u001b[4;94;49m0\u001b[0m\u001b[4;94;49m.1\u001b[0m \n",
"\u001b[2K\u001b[32m[= ]\u001b[0m Analyzing python files and environments for security findings\n",
"\u001b[1A\u001b[2K\n",
"--------------------------------------------------------------------------------\n",
"Apply Fixes\n",
"--------------------------------------------------------------------------------\n",
"\n",
"\u001b[32mRun `safety scan --apply-fixes`\u001b[0m to update these packages and fix these \n",
"vulnerabilities. Documentation, limitations, and configurations for applying \n",
"automated fixes: \n",
"\u001b[4;94;49mhttps://docs.safetycli.com/safety-docs/vulnerability-remediation/applying-fixes\u001b[0m\n",
"\n",
"Alternatively, use your package manager to update packages to their secure \n",
"versions. Always check for breaking changes when updating packages.\n",
"\u001b[1;39;49mTip\u001b[0m: For more detailed output on each vulnerability, add the `--detailed-output`\n",
"flag to safety scan.\n",
"\n",
"--------------------------------------------------------------------------------\n",
"\n",
"Tested \u001b[1;36;49m1\u001b[0m dependency for known security issues using default Safety CLI policies\n",
"\u001b[1;36;49m1\u001b[0m security issue found, \u001b[1;36;49m0\u001b[0m fixes suggested\n",
"\u001b[?25l\u001b[32m[ ]\u001b[0m Processing report\n",
"\u001b[1A\u001b[2K\u001b[?25l\n",
"\u001b[2K\u001b[32m[ ]\u001b[0m Processing report\n",
"\u001b[1A\u001b[2K"
]
}
],
"source": [
"safety scan"
"import os\n",
"\n",
"# Add demo_requirements.txt file with an insecure package\n",
"with open(\"demo_requirements.txt\", \"w\") as file:\n",
" file.write(\"insecure-package==0.1\\n\")\n",
"\n",
"# Run the safety scan command directly\n",
"!safety scan \n",
"\n",
"# Clean up by removing the demo_requirements.txt file\n",
"os.remove(\"demo_requirements.txt\")"
]
},
{
"cell_type": "code",
"execution_count": null,
"id": "8493f5de",
"id": "6b354cb6",
"metadata": {},
"outputs": [],
"source": []
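Review bot: The new scan cell (`id` `8493f5de`) overwrites and then unconditionally deletes `demo_requirements.txt` in whatever directory the kernel is running in, so a user who opens the notebook from a project that already has a file of that name loses it; write the demo file into a `tempfile.TemporaryDirectory()` and run `!safety scan` from there, and put the `os.remove` in a `try/finally` so the cleanup still runs if an earlier line raises. The committed cell output also embeds the author's account name and e-mail, the local path `/Users/dylanpulver/Repos/pyup/safety/docs` and the branch `feature/demo-notebook`, together with raw ANSI spinner sequences that render garbled (`... for security findingsy findings`); clear the outputs before committing, or capture them the same way the install cell does with `%%capture`. Minor: `"!safety scan \n"` carries a trailing space.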
