-
Notifications
You must be signed in to change notification settings - Fork 151
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* begin on notebook file and setup * Demo Notebook * remove personal info
- Loading branch information
1 parent
af7fa27
commit 15e757c
Showing
2 changed files
with
147 additions
and
0 deletions.
There are no files selected for viewing
6 changes: 6 additions & 0 deletions
6
docs/.ipynb_checkpoints/Safety-CLI-Quickstart-checkpoint.ipynb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
{ | ||
"cells": [], | ||
"metadata": {}, | ||
"nbformat": 4, | ||
"nbformat_minor": 5 | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,141 @@ | ||
{ | ||
"cells": [ | ||
{ | ||
"cell_type": "markdown", | ||
"id": "f24e2363", | ||
"metadata": {}, | ||
"source": [ | ||
"[![safety](https://cdn.safetycli.com/images/cli_readme_header.png)](https://docs.safetycli.com/)" | ||
] | ||
}, | ||
{ | ||
"cell_type": "markdown", | ||
"id": "b4f4e8ff", | ||
"metadata": {}, | ||
"source": [ | ||
"# Safety CLI Quickstart Guide\n", | ||
"\n", | ||
"## Introduction\n", | ||
"Safety CLI is a Python dependency vulnerability scanner designed to enhance software supply chain security by detecting packages with known vulnerabilities and malicious packages in local development environments, CI/CD, and production systems. Safety CLI can be deployed in minutes and provides clear, actionable recommendations for remediation of detected vulnerabilities.\n", | ||
"\n", | ||
"Leveraging the industry's most comprehensive database of vulnerabilities and malicious packages, Safety CLI Scanner allows teams to detect vulnerabilities at every stage of the software development lifecycle.\n", | ||
"\n", | ||
"\n", | ||
"## Installation\n", | ||
"To install Safety, run the following command (please ignore the `%%capture` text, this is just to suppress jupyter notebook output):\n" | ||
] | ||
}, | ||
{ | ||
"cell_type": "code", | ||
"execution_count": 4, | ||
"id": "227ab8d1", | ||
"metadata": {}, | ||
"outputs": [], | ||
"source": [ | ||
"%%capture\n", | ||
"!pip install safety" | ||
] | ||
}, | ||
{ | ||
"cell_type": "code", | ||
"execution_count": 11, | ||
"id": "8493f5de", | ||
"metadata": {}, | ||
"outputs": [ | ||
{ | ||
"name": "stdout", | ||
"output_type": "stream", | ||
"text": [ | ||
"\u001b[1mSafety\u001b[0m 3.2.5 scanning /safety/docs\n", | ||
"2024-09-05 21:34:45 UTC\n", | ||
"\n", | ||
"\u001b[1;39;49mAccount\u001b[0m: [Your Name], [email protected] \n", | ||
"\u001b[1;39;49m Git branch\u001b[0m: feature/demo-notebook\n", | ||
"\u001b[1;39;49m Environment\u001b[0m: Stage.development\n", | ||
"\u001b[1;39;49m Scan policy\u001b[0m: None, using Safety CLI default policies\n", | ||
"\n", | ||
"\u001b[2K\u001b[32m[ ]\u001b[0m Fetching Safety's vulnerability database.....\n", | ||
"\u001b[1A\u001b[2K\u001b[?25lPython detected. Found 1 Python requirement file\n", | ||
"\u001b[2K\u001b[32m[ ]\u001b[0m Scanning project directory\n", | ||
"\u001b[2K\u001b[32m[== ]\u001b[0m Analyzing python files and environments for security findingsy findings\n", | ||
"\u001b[2KDependency vulnerabilities detected:nd environments for security findings\n", | ||
"\u001b[2Km[= ]\u001b[0m Analyzing python files and environments for security findings\n", | ||
"\u001b[2K📝 \u001b[1;39;49mdemo_requirements.txt:\u001b[0menvironments for security findings\n", | ||
"\u001b[2Km[= ]\u001b[0m Analyzing python files and environments for security findings\n", | ||
"\u001b[2K \u001b[1;33;49minsecure-\u001b[0m\u001b[1;33;49mpackage\u001b[0m\u001b[1;36;49m==\u001b[0m\u001b[1;36;49m0.1\u001b[0m [1 vulnerability found] \n", | ||
"\u001b[2K -> Vuln ID \u001b[1;39;49m58758\u001b[0m: \n", | ||
"\u001b[2K Insecure-package 0.2.0 test vuln. \n", | ||
"\u001b[2K No known fix for \u001b[1;33;49minsecure-\u001b[0m\u001b[1;33;49mpackage\u001b[0m\u001b[1;36;49m==\u001b[0m\u001b[1;36;49m0.1\u001b[0m to fix \u001b[1;36;49m1\u001b[0m vulnerability \n", | ||
"\u001b[2K Learn more: \u001b[4;94;49mhttps://data.safetycli.com/p/pypi/insecure-package/eda/?\u001b[0m\u001b[4;94;49mfrom\u001b[0m\u001b[4;94;49m=\u001b[0m\u001b[4;94;49m0\u001b[0m\u001b[4;94;49m.1\u001b[0m \n", | ||
"\u001b[2K\u001b[32m[= ]\u001b[0m Analyzing python files and environments for security findings\n", | ||
"\u001b[1A\u001b[2K\n", | ||
"--------------------------------------------------------------------------------\n", | ||
"Apply Fixes\n", | ||
"--------------------------------------------------------------------------------\n", | ||
"\n", | ||
"\u001b[32mRun `safety scan --apply-fixes`\u001b[0m to update these packages and fix these \n", | ||
"vulnerabilities. Documentation, limitations, and configurations for applying \n", | ||
"automated fixes: \n", | ||
"\u001b[4;94;49mhttps://docs.safetycli.com/safety-docs/vulnerability-remediation/applying-fixes\u001b[0m\n", | ||
"\n", | ||
"Alternatively, use your package manager to update packages to their secure \n", | ||
"versions. Always check for breaking changes when updating packages.\n", | ||
"\u001b[1;39;49mTip\u001b[0m: For more detailed output on each vulnerability, add the `--detailed-output`\n", | ||
"flag to safety scan.\n", | ||
"\n", | ||
"--------------------------------------------------------------------------------\n", | ||
"\n", | ||
"Tested \u001b[1;36;49m1\u001b[0m dependency for known security issues using default Safety CLI policies\n", | ||
"\u001b[1;36;49m1\u001b[0m security issue found, \u001b[1;36;49m0\u001b[0m fixes suggested\n", | ||
"\u001b[?25l\u001b[32m[ ]\u001b[0m Processing report\n", | ||
"\u001b[1A\u001b[2K\u001b[?25l\n", | ||
"\u001b[2K\u001b[32m[ ]\u001b[0m Processing report\n", | ||
"\u001b[1A\u001b[2K" | ||
] | ||
} | ||
], | ||
"source": [ | ||
"import os\n", | ||
"\n", | ||
"# Add demo_requirements.txt file with an insecure package\n", | ||
"with open(\"demo_requirements.txt\", \"w\") as file:\n", | ||
" file.write(\"insecure-package==0.1\\n\")\n", | ||
"\n", | ||
"# Run the safety scan command directly\n", | ||
"!safety scan \n", | ||
"\n", | ||
"# Clean up by removing the demo_requirements.txt file\n", | ||
"os.remove(\"demo_requirements.txt\")" | ||
] | ||
}, | ||
{ | ||
"cell_type": "code", | ||
"execution_count": null, | ||
"id": "6b354cb6", | ||
"metadata": {}, | ||
"outputs": [], | ||
"source": [] | ||
} | ||
], | ||
"metadata": { | ||
"kernelspec": { | ||
"display_name": "Python 3 (ipykernel)", | ||
"language": "python", | ||
"name": "python3" | ||
}, | ||
"language_info": { | ||
"codemirror_mode": { | ||
"name": "ipython", | ||
"version": 3 | ||
}, | ||
"file_extension": ".py", | ||
"mimetype": "text/x-python", | ||
"name": "python", | ||
"nbconvert_exporter": "python", | ||
"pygments_lexer": "ipython3", | ||
"version": "3.11.2" | ||
} | ||
}, | ||
"nbformat": 4, | ||
"nbformat_minor": 5 | ||
} |