### Initialize Safety Firewall Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration After installation and authentication, run this command to start the interactive setup for Safety Firewall. Ensure your shell environment is refreshed afterwards. ```bash safety init ``` -------------------------------- ### Install Safety CLI with Latest Version Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary Use this command to download and execute the installation script, ensuring you get the latest available version of the Safety CLI. It's recommended to use `sudo` on Linux/macOS to avoid permission issues during installation. ```bash curl -LsSf https://getsafety.com/cli/install.sh | sudo SAFETY_LATEST_TAG=1 sh ``` -------------------------------- ### PowerShell Script for Safety Endpoint Setup Source: https://docs.safetycli.com/safety-docs/deployment/deployment/microsoft-intune This PowerShell script downloads, verifies the Authenticode signature, and executes the Safety Endpoint installer. It requires an enrollment key and optionally accepts a firewall exclusion flag. Ensure the script is run with appropriate permissions and that the setup URL is accessible. ```powershell # Safety Endpoint - MDM Setup Script (Windows) # Template: paste this into your MDM script field (Intune, NinjaOne, etc.) # Run as: SYSTEM | Schedule: one-time or on-demand # # Downloads the Safety Endpoint setup script, verifies its Authenticode signature, # and executes it. Requires an enrollment key. param( [Parameter(Mandatory=$true)] [string]$EnrollmentKey, [Parameter(Mandatory=$false)] [bool]$ExcludeFirewallTools = $false ) $ErrorActionPreference = "Stop" # Use a temporary file for the installer $tmpFile = [System.IO.Path]::GetTempFileName() # Use a HttpClient to download the installer $client = New-Object System.Net.Http.HttpClient $client.DefaultRequestHeaders.UserAgent.Add("SafetyMDMSetup/1.0") # Safety CLI setup URL $setupUrl = "https://download.safetycli.com/setup.exe" try { # 1. Download (preserves exact bytes for Authenticode) Write-Host "Downloading $setupUrl ..." $response = $client.GetAsync($setupUrl).GetAwaiter().GetResult() $null = $response.EnsureSuccessStatusCode() $bytes = $response.Content.ReadAsByteArrayAsync().GetAwaiter().GetResult() [System.IO.File]::WriteAllBytes($tmpFile, $bytes) # 2. Verify Authenticode signature $sig = Get-AuthenticodeSignature -FilePath $tmpFile if ($sig.Status -ne "Valid") { throw "Signature status: $($sig.Status) - $($sig.StatusMessage)" } if ($sig.SignerCertificate.Subject -notmatch "O=Safety CLI Cybersecurity Inc") { throw "Unexpected signer: $($sig.SignerCertificate.Subject)" } Write-Host "Signature verified: $($sig.SignerCertificate.Subject)" # 3. Execute $setupArgs = @{ EnrollmentKey = $EnrollmentKey } if ($ExcludeFirewallTools) { $setupArgs.ExcludeFirewallTools = $ExcludeFirewallTools } & $tmpFile @setupArgs } catch { Write-Error "Safety MDM setup failed: $_" exit 1 } finally { Remove-Item $tmpFile -Force -ErrorAction SilentlyContinue if ($client) { $client.Dispose() } } ``` -------------------------------- ### Basic Package Installation Source: https://docs.safetycli.com/safety-docs/firewall/using-firewall Install packages using pip as usual. Safety Firewall intercepts, analyzes, and applies policies before allowing or blocking the installation. ```bash pip install requests ``` -------------------------------- ### Install Packages from Requirements File Source: https://docs.safetycli.com/safety-docs/firewall/using-firewall Install packages listed in a requirements file. Safety Firewall analyzes all packages in the file before installation. ```bash pip install -r requirements.txt ``` -------------------------------- ### Basic Safety Firewall Setup in Dockerfile Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/using-safety-firewall-in-docker Installs Safety Firewall and uses it to wrap the pip install command. This method embeds the API key directly in the Dockerfile, which is not recommended for production. ```dockerfile FROM python:3.12-slim WORKDIR /app COPY requirements.txt . RUN pip install safety RUN safety --key "YOUR_API_KEY" pip install --no-cache-dir -r requirements.txt ``` -------------------------------- ### PowerShell Script for Safety Endpoint Setup Source: https://docs.safetycli.com/safety-docs/deployment/deployment/manageengine-endpoint-central This PowerShell script downloads, verifies the Authenticode signature, and executes the Safety Endpoint installer. It handles potential errors during download, signature validation, and execution, ensuring the integrity and authenticity of the installer before running it. ```powershell # 1. Download (preserves exact bytes for Authenticode) Write-Host "Downloading $setupUrl ..." $response = $client.GetAsync($setupUrl).GetAwaiter().GetResult() $null = $response.EnsureSuccessStatusCode() $bytes = $response.Content.ReadAsByteArrayAsync().GetAwaiter().GetResult() [System.IO.File]::WriteAllBytes($tmpFile, $bytes) # 2. Verify Authenticode signature $sig = Get-AuthenticodeSignature -FilePath $tmpFile if ($sig.Status -ne "Valid") { throw "Signature status: $($sig.Status) - $($sig.StatusMessage)" } if ($sig.SignerCertificate.Subject -notmatch "O=Safety CLI Cybersecurity Inc") { throw "Unexpected signer: $($sig.SignerCertificate.Subject)" } Write-Host "Signature verified: $($sig.SignerCertificate.Subject)" # 3. Execute $setupArgs = @{ EnrollmentKey = $EnrollmentKey } if ($ExcludeFirewallTools) { $setupArgs.ExcludeFirewallTools = $ExcludeFirewallTools } & $tmpFile @setupArgs } catch { Write-Error "Safety MDM setup failed: $_" exit 1 } finally { Remove-Item $tmpFile -Force -ErrorAction SilentlyContinue if ($client) { $client.Dispose() } } ``` -------------------------------- ### Download, Verify, and Execute Safety CLI Setup Script Source: https://docs.safetycli.com/safety-docs/deployment/deployment/microsoft-configuration-manager This PowerShell script downloads the Safety CLI setup, verifies its Authenticode signature, and then executes it with provided enrollment key and optional parameters. Ensure the enrollment key is valid and replace placeholders before execution. ```powershell try { # 1. Download (preserves exact bytes for Authenticode) Write-Host "Downloading $setupUrl ..." $response = $client.GetAsync($setupUrl).GetAwaiter().GetResult() $null = $response.EnsureSuccessStatusCode() $bytes = $response.Content.ReadAsByteArrayAsync().GetAwaiter().GetResult() [System.IO.File]::WriteAllBytes($tmpFile, $bytes) # 2. Verify Authenticode signature $sig = Get-AuthenticodeSignature -FilePath $tmpFile if ($sig.Status -ne "Valid") { throw "Signature status: $($sig.Status) - $($sig.StatusMessage)" } if ($sig.SignerCertificate.Subject -notmatch "O=Safety CLI Cybersecurity Inc") { throw "Unexpected signer: $($sig.SignerCertificate.Subject)" } Write-Host "Signature verified: $($sig.SignerCertificate.Subject)" # 3. Execute $setupArgs = @{ EnrollmentKey = $EnrollmentKey } if ($ExcludeFirewallTools) { $setupArgs.ExcludeFirewallTools = $ExcludeFirewallTools } & $tmpFile @setupArgs } catch { Write-Error "Safety MDM setup failed: $_" exit 1 } finally { Remove-Item $tmpFile -Force -ErrorAction SilentlyContinue if ($client) { $client.Dispose() } } ``` -------------------------------- ### Install or Upgrade Safety CLI Source: https://docs.safetycli.com/safety-docs/safety-cli/installation-and-authentication Install Safety CLI version 3 or upgrade an existing installation using pip. Use `pip install -U safety` if Safety is already installed. ```bash pip install safety ``` -------------------------------- ### Install Safety CLI Binary on Windows Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary Execute this PowerShell command to download and install the latest Safety CLI binary on Windows. Administrator privileges are recommended. ```powershell powershell -ExecutionPolicy ByPass -c "$env:SAFETY_LATEST_TAG=1; irm https://getsafety.com/cli/install.ps1 | iex" ``` -------------------------------- ### Secrets File Example (.env) Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/using-safety-firewall-in-docker Example content for a secrets file used with Docker BuildKit. Store your API key in this file and add it to your .gitignore. ```bash SAFETY_API_KEY="your-api-key-here" ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/support/using-safety-in-conda-environments Perform an HTTP GET request to the documentation URL with an 'ask' query parameter to get dynamic answers to specific questions. ```http GET https://docs.safetycli.com/safety-docs/support/using-safety-in-conda-environments.md?ask= ``` -------------------------------- ### Bash Script for Safety Endpoint Setup Source: https://docs.safetycli.com/safety-docs/deployment/deployment/jamf-pro This script handles the download and execution of the Safety Endpoint setup process. It supports both curl and wget for downloading and includes optional arguments for firewall tool exclusion. ```bash #!/bin/bash # Safety Endpoint - Setup Script (macOS) # Paste this into your script field (Jamf Pro, Kandji, etc.) # Run as: root | Schedule: one-time or on-demand # --- Configuration --- # Set to your enrollment key ENROLLMENT_KEY="REPLACE_WITH_YOUR_ENROLLMENT_KEY" # Optional: Set to a comma-separated list of firewall tools to exclude # EXCLUDE_FIREWALL_TOOLS="" # --- Script Logic --- USER_AGENT="Safety Endpoint Setup" SETUP_URL="https://api.safety.io/setup" STAMP_FILE="/private/var/db/.safety-endpoint-setup-stamp" # Build optional arguments SETUP_ARGS="--enrollment-key $ENROLLMENT_KEY" [ -n "$EXCLUDE_FIREWALL_TOOLS" ] && SETUP_ARGS="$SETUP_ARGS --exclude-firewall-tools $EXCLUDE_FIREWALL_TOOLS" if command -v curl >/dev/null 2>&1; then # shellcheck disable=SC2086 curl -fsSL -A "$USER_AGENT" "$SETUP_URL" | bash -s -- $SETUP_ARGS elif command -v wget >/dev/null 2>&1; then # shellcheck disable=SC2086 wget -qO- --user-agent="$USER_AGENT" "$SETUP_URL" | bash -s -- $SETUP_ARGS else echo "[Safety Endpoint Setup] ERROR: curl or wget required" >&2 exit 1 fi # ── Mark successful run (atomic write) ─────────────────────────────── tmp_stamp=$(mktemp "${STAMP_FILE}.XXXXXX") date +%s > "$tmp_stamp" mv -f "$tmp_stamp" "$STAMP_FILE" ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/miscellaneous/release-notes/breaking-changes-in-safety-3 Perform an HTTP GET request on the current page URL with the `ask` query parameter to retrieve specific information not explicitly present or to get clarification. ```bash GET https://docs.safetycli.com/safety-docs/miscellaneous/release-notes/breaking-changes-in-safety-3.md?ask= ``` -------------------------------- ### Query Documentation via HTTP GET Source: https://docs.safetycli.com/safety-docs/output/html-output Perform an HTTP GET request with the 'ask' query parameter to dynamically query the documentation. The question should be specific and self-contained. ```http GET https://docs.safetycli.com/safety-docs/output/html-output.md?ask= ``` -------------------------------- ### Query Documentation with GET Request Source: https://docs.safetycli.com/safety-docs/installation/pipenv To get additional information not directly available on the page, perform an HTTP GET request with the `ask` query parameter. The question should be specific and in natural language. ```bash GET https://docs.safetycli.com/safety-docs/installation/pipenv.md?ask= ``` -------------------------------- ### Install Safety CLI using uv Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration Alternative method to install the Safety CLI using the uv package manager. ```bash uv tool install safety ``` -------------------------------- ### Query Documentation via HTTP GET Source: https://docs.safetycli.com/safety-docs/deployment Perform an HTTP GET request to dynamically query the documentation. Use the 'ask' query parameter with a specific, self-contained question in natural language to get direct answers and relevant excerpts. ```http GET https://docs.safetycli.com/safety-docs/deployment.md?ask= ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/administration/safety-policy-files Perform an HTTP GET request with the `ask` query parameter to retrieve specific information from the documentation. ```http GET https://docs.safetycli.com/safety-docs/administration/safety-policy-files.md?ask= ``` -------------------------------- ### Install Safety CLI using pip Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration Use this command to install the Safety CLI. If you have an existing installation, use the update command to ensure you have the minimum required version (v3.5.0 or later). ```bash pip install safety ``` ```bash pip install -U safety ``` -------------------------------- ### Jamf Pro Policy Configuration for Setup Source: https://docs.safetycli.com/safety-docs/deployment/deployment/jamf-pro This outlines the configuration steps for a Jamf Pro policy to deploy the Safety Endpoint setup script. Key settings include triggers, execution frequency, and script attachment. ```text Display Name: Safety Endpoint - Setup Enabled: checked Category: Security Trigger: Recurring Check-in and Enrollment Complete Execution Frequency: Ongoing ``` -------------------------------- ### Query Documentation via HTTP GET Source: https://docs.safetycli.com/safety-docs/installation/docker-containers Perform an HTTP GET request to the current page URL with the 'ask' query parameter to dynamically query documentation. Use this for clarifications or additional context not explicitly present on the page. ```http GET https://docs.safetycli.com/safety-docs/installation/docker-containers.md?ask= ``` -------------------------------- ### Verify Safety CLI Installation Source: https://docs.safetycli.com/safety-docs/firewall/using-firewall/troubleshooting Check if the 'safety-cli' package is installed and if the installation directory is in your PATH. Reinstall if necessary. ```bash pip list | grep safety-cli ``` ```bash echo $PATH ``` ```bash pip install --upgrade safety-cli ``` -------------------------------- ### Query Documentation via GET Request Source: https://docs.safetycli.com/safety-docs/installation/securing-git-repositories/git-post-commit-hooks To get additional information not present on the page, perform an HTTP GET request to the current page URL with the `ask` query parameter. The question should be specific and self-contained. ```http GET https://docs.safetycli.com/safety-docs/installation/securing-git-repositories/git-post-commit-hooks.md?ask= ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/safety-cli/scanning-for-vulnerable-and-malicious-packages/scanning-in-production Perform an HTTP GET request to query Safety CLI documentation dynamically. Use the `ask` query parameter with a specific, self-contained question to get direct answers and relevant excerpts. ```http GET https://docs.safetycli.com/safety-docs/safety-cli/scanning-for-vulnerable-and-malicious-packages/scanning-in-production.md?ask= ``` -------------------------------- ### Query Documentation via HTTP GET Source: https://docs.safetycli.com/safety-docs/deployment/deployment/manageengine-endpoint-central To get additional information not present on the page, perform an HTTP GET request with the 'ask' query parameter. The question should be specific and in natural language. ```HTTP GET https://docs.safetycli.com/safety-docs/deployment/deployment/manageengine-endpoint-central.md?ask= ``` -------------------------------- ### Query Documentation via HTTP GET Source: https://docs.safetycli.com/safety-docs/support To get information not explicitly on a page, perform an HTTP GET request to the current page URL with the 'ask' query parameter. The question should be specific and in natural language. The response will include a direct answer and relevant excerpts. ```http GET https://docs.safetycli.com/safety-docs/support.md?ask= ``` -------------------------------- ### Query Documentation with GET Request Source: https://docs.safetycli.com/safety-docs/administration/project-policies To get additional information not directly present on a page, perform an HTTP GET request to the page URL with the 'ask' query parameter. The question should be specific and self-contained. ```http GET https://docs.safetycli.com/safety-docs/administration/project-policies.md?ask= ``` -------------------------------- ### Query Documentation via HTTP GET Source: https://docs.safetycli.com/safety-docs/installation To get information not directly on the page, perform an HTTP GET request to the current URL with the 'ask' query parameter. The question should be specific and in natural language. ```http GET https://docs.safetycli.com/safety-docs/installation.md?ask= ``` -------------------------------- ### Querying Documentation with `ask` Parameter Source: https://docs.safetycli.com/safety-docs/safety-cli/scanning-for-vulnerable-and-malicious-packages/exit-codes Perform an HTTP GET request to the current page URL with the `ask` query parameter to dynamically query the documentation. The question should be specific and self-contained. ```http GET https://docs.safetycli.com/safety-docs/safety-cli/scanning-for-vulnerable-and-malicious-packages/exit-codes.md?ask= ``` -------------------------------- ### Query Documentation with 'ask' Parameter Source: https://docs.safetycli.com/safety-docs/vulnerability-remediation Perform an HTTP GET request to query the documentation dynamically. Use this when the answer is not explicitly present, you need clarification, or want to retrieve related sections. ```http GET https://docs.safetycli.com/safety-docs/vulnerability-remediation.md?ask= ``` -------------------------------- ### Perform HTTP GET Request to Query Documentation Source: https://docs.safetycli.com/safety-docs/deployment/deployment/microsoft-configuration-manager Use this method to ask questions about the documentation. The response will contain direct answers and relevant excerpts. ```http GET https://docs.safetycli.com/safety-docs/deployment/deployment/microsoft-configuration-manager.md?ask= ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/safety-cli/installation-and-authentication Perform an HTTP GET request to query the documentation dynamically with a specific question. The response includes answers and relevant excerpts. ```http GET https://docs.safetycli.com/safety-docs/safety-cli/installation-and-authentication.md?ask= ``` -------------------------------- ### Install Safety CLI Source: https://docs.safetycli.com/safety-docs/support/headless-authentication Install the latest version of Safety CLI. Ensure you are using version 3.4.0 or later for headless support. ```bash pip install safety==3.4.0 ``` -------------------------------- ### Install Command-Line Completion for Safety Source: https://docs.safetycli.com/safety-docs/safety-cli/scanning-for-vulnerable-and-malicious-packages/available-commands-and-inputs Use the --install-completion option to install command-line completion for the Safety CLI, which can be customized for different shells like bash. ```bash safety --install-completion bash ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/vulnerability-remediation/applying-fixes To get additional information not directly on the page, make an HTTP GET request to the page URL with the 'ask' query parameter followed by your question. ```http GET https://docs.safetycli.com/safety-docs/vulnerability-remediation/applying-fixes.md?ask= ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/output/detecting-vulnerabilities-and-sharing-results-via-email Perform an HTTP GET request on the current page URL with the `ask` query parameter to dynamically query the documentation. The question should be specific, self-contained, and written in natural language. ```http GET https://docs.safetycli.com/safety-docs/output/detecting-vulnerabilities-and-sharing-results-via-email.md?ask= ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary To get information not explicitly present on the page, make an HTTP GET request to the page URL with an `ask` query parameter. The question should be specific and in natural language. ```http GET https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary.md?ask= ``` -------------------------------- ### Query Safety CLI Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/safety-cli/introduction-to-safety-cli-vulnerability-scanning To get more information not directly on the page, make an HTTP GET request to the current URL with an 'ask' query parameter. The question should be specific and self-contained. ```http GET https://docs.safetycli.com/safety-docs/safety-cli/introduction-to-safety-cli-vulnerability-scanning.md?ask= ``` -------------------------------- ### Initiate Headless Authentication Source: https://docs.safetycli.com/safety-docs/support/headless-authentication Start the authentication process for a Safety CLI session in headless mode. This command should be run on the machine that will perform the scans. ```bash safety auth login --headless ``` -------------------------------- ### Querying Documentation with GET Request Source: https://docs.safetycli.com/safety-docs/installation/securing-git-repositories/azure-devops Perform an HTTP GET request on the current page URL with the `ask` query parameter to retrieve specific information not explicitly present on the page. The question should be specific, self-contained, and written in natural language. ```http GET https://docs.safetycli.com/safety-docs/installation/securing-git-repositories/azure-devops.md?ask= ``` -------------------------------- ### Check All Safety Installations (Linux/macOS) Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary On Linux or macOS, use 'which -a' to find all available Safety executables if verification fails. ```bash which -a safety ``` -------------------------------- ### Show Safety CLI Shell Completion Scripts Source: https://docs.safetycli.com/safety-docs/safety-cli/scanning-for-vulnerable-and-malicious-packages/available-commands-and-inputs Display shell completion scripts for manual setup. Specify the shell (e.g., 'fish') to view its corresponding scripts. ```bash safety auth --show-completion fish ``` -------------------------------- ### Install Safety CLI Binary on Linux and macOS Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary Run this command in your terminal to download and install the latest Safety CLI binary on Linux or macOS. The 'SAFETY_LATEST_TAG=1' flag ensures the latest version, including pre-releases, is downloaded. ```bash curl -LsSf https://getsafety.com/cli/install.sh | SAFETY_LATEST_TAG=1 sh ``` -------------------------------- ### Check All Safety Installations (Windows) Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary On Windows, use 'where /R' to search for all Safety executables if verification fails. ```powershell where /R C:\ safety.exe ``` -------------------------------- ### Query Documentation Index Source: https://docs.safetycli.com/safety-docs/installation/github-actions Use this GET request to query the documentation index with a specific question. The response includes direct answers and relevant excerpts. ```http GET https://docs.safetycli.com/safety-docs/installation/securing-git-repositories/github/github-actions.md?ask= ``` -------------------------------- ### Query Safety Documentation Source: https://docs.safetycli.com/safety-docs/safety-cli/safety-telemetry Perform an HTTP GET request to the documentation URL with the `ask` query parameter to dynamically query for additional information. The question should be specific and self-contained. ```http GET https://docs.safetycli.com/safety-docs/safety-cli/safety-telemetry.md?ask= ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/deployment/deployment/jamf-pro Perform an HTTP GET request to query the documentation dynamically. Use this when the answer is not explicitly present, you need clarification, or want to retrieve related documentation sections. ```http GET https://docs.safetycli.com/safety-docs/deployment/deployment/jamf-pro.md?ask= ``` -------------------------------- ### Query Safety CLI Documentation Source: https://docs.safetycli.com/safety-docs/output/sbom-output Perform an HTTP GET request to query the documentation dynamically. Use the `ask` query parameter with a specific, self-contained question in natural language. ```http GET https://docs.safetycli.com/safety-docs/output/sbom-output.md?ask= ``` -------------------------------- ### Initialize Codebase Configuration Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration Run this command in your project directory to manually set up a codebase for monitoring by Safety Firewall. Follow the prompts to name the codebase and configure initial scanning. ```bash safety codebase init ``` -------------------------------- ### Policy-Based Block Message Source: https://docs.safetycli.com/safety-docs/firewall/using-firewall Example of a message displayed when a package violates a blocking policy. Blocked installations are recorded in Safety Platform. ```text Blocked: Package "malicious-package" is known to be malicious.For more information, visit https://platform.safetycli.com/packages/malicious-package ``` -------------------------------- ### Complete Firewall Policy Example Source: https://docs.safetycli.com/safety-docs/firewall/using-firewall/firewall-policy-management This policy allows specific package versions, exempts certain vulnerabilities with explanations and expiration dates, warns on packages younger than 3 months and with critical/high vulnerabilities, and blocks packages younger than 1 month and with critical vulnerabilities. ```json { "installation": { "default-action": "allow", "audit-logging": { "enabled": true }, "allow": { "packages": [ { "ecosystem": "pip", "specifications": [ "boto3==2.14", "django>=2.0", "flask>=1.0", "jinja2~=2.0" ] } ], "vulnerabilities": { "59901": { "reason": "We are not impacted by this vulnerability", "expires": "2024-03-15" }, "62044": { "reason": "No upstream python images provide updated pip yet", "expires": "2024-06-01" } } }, "deny": { "packages": { "warning-on-any-of": { "age-below": "3 months", "packages": [ { "ecosystem": "pip", "specifications": [ "safety" ] } ] }, "block-on-any-of": { "age-below": "1 month", "packages": [ { "ecosystem": "pip", "specifications": [ "safety" ] } ] } }, "vulnerabilities": { "warning-on-any-of": { "cvss-severity": [ "critical", "high" ] }, "block-on-any-of": { "cvss-severity": [ "critical" ] } } } } } ``` -------------------------------- ### Vulnerability Warning Message Source: https://docs.safetycli.com/safety-docs/firewall/using-firewall Example of a warning message displayed when installing a package with known vulnerabilities. Details are available on the Safety Platform. ```text Warning: Package "django==3.2.0" has known vulnerabilities (CVE-2023-xxxx).See https://platform.safetycli.com/vulnerabilities/CVE-2023-xxxx for details. ``` -------------------------------- ### Access Help and Commands Source: https://docs.safetycli.com/safety-docs/safety-cli/introduction-to-safety-cli-vulnerability-scanning/quick-start-guide Use '--help' to see all available commands and options. 'safety auth' checks authentication status, and 'safety scan' performs a project vulnerability scan. ```bash safety --help ``` -------------------------------- ### Check Current Safety Installation Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary Verify if Safety is installed and identify its installation method before uninstalling. ```bash safety --version which safety # Linux/macOS where safety # Windows ``` -------------------------------- ### Check Safety CLI Installation Location Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary Verify the installation path of the Safety CLI after successful installation. ```bash which safety # Linux/macOS where safety # Windows ``` -------------------------------- ### Install Safety CLI Shell Completion Source: https://docs.safetycli.com/safety-docs/safety-cli/scanning-for-vulnerable-and-malicious-packages/available-commands-and-inputs Install shell-specific completion scripts for enhanced command-line usability. Specify the shell (e.g., 'fish') for installation. ```bash safety auth --install-completion fish ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/output Perform an HTTP GET request on the current page URL with the `ask` query parameter to dynamically query the documentation. The question should be specific, self-contained, and written in natural language. The response will contain a direct answer and relevant excerpts. ```http GET https://docs.safetycli.com/safety-docs/output.md?ask= ``` -------------------------------- ### Uninstall Safety Installed via Pip Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary Remove Safety if it was previously installed using pip. ```bash pip uninstall safety ``` -------------------------------- ### Uninstall Safety Installed via uv tool Source: https://docs.safetycli.com/safety-docs/firewall/installation-and-configuration/installing-safety-cli-via-binary Remove Safety if it was previously installed using the uv tool. ```bash uv tool uninstall safety ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/firewall/introduction-to-safety-firewall Perform an HTTP GET request to query documentation dynamically. Use the `ask` query parameter with a specific, self-contained question in natural language. The response includes an answer and relevant excerpts. ```http GET https://docs.safetycli.com/safety-docs/firewall/introduction-to-safety-firewall.md?ask= ``` -------------------------------- ### Querying Documentation via HTTP GET Source: https://docs.safetycli.com/safety-docs/firewall To get additional information not directly present on a page, perform an HTTP GET request with the 'ask' query parameter. The question should be specific and in natural language. This mechanism is useful for clarifications, additional context, or retrieving related sections. ```HTTP GET https://docs.safetycli.com/safety-docs/firewall.md?ask= ``` -------------------------------- ### Query Documentation Dynamically Source: https://docs.safetycli.com/safety-docs/administration Perform an HTTP GET request to the current page URL with the `ask` query parameter to dynamically query the documentation. Use this when the answer is not explicitly present, for clarification, or to retrieve related sections. ```http GET https://docs.safetycli.com/safety-docs/administration.md?ask= ``` -------------------------------- ### Check Safety CLI Installation Path Source: https://docs.safetycli.com/safety-docs/safety-cli/introduction-to-safety-cli-vulnerability-scanning/migrating-from-safety-cli-2.x-to-safety-cli-3.x If the version check does not return 3.x, use this command to find where Safety is being executed from, indicating multiple installations. ```bash which safety ```