A More Secure Safety: Upcoming Features and Improvements #692
nickste announced in Announcements
Summary: We are introducing new features that will make protecting people, AI assistants, and codebases from software supply chain risk a core capability of Safety. All existing scanning functionality remains unchanged, and we’re committed to maintaining a free, open-source version of Safety. In some cases, offering better protection will require us to change how Safety works and collect information that we hadn’t in the past. We’ve called out these anticipated changes in the What’s Changing section.
Background
Since 2016, Safety (then called PyUp) has offered a leading command-line scanner that detects vulnerabilities in Python dependencies. Today, the Safety CLI is downloaded 2M times each month. The Safety vulnerability database has grown to over 18,000 Python vulnerabilities and has over 200% more Python vulnerabilities than OSV and GitHub Security Advisory (over 370% if you count transitive vulnerabilities).
Over the past few months, we’ve had hundreds of conversations with customers, cybersecurity experts, CISOs, OSS community members, and developers. From those discussions, we have observed an increasing trend towards software supply chain attacks targeting developers and analysts directly. Malicious packages—which compromise you as soon as they are installed—have grown at 156% YoY, to over 500,000 packages in 2024. Traditional vulnerability scanners don’t protect you from this threat as they only scan packages after you’ve installed them, and EDR solutions lack the necessary package context to identify malicious actions. The rapid rise in AI assistants and IDEs, like Claude, Windsurf, and Cursor, further compounds this problem as these assistants face knowledge cutoff dates that make them unaware of new vulnerabilities or recently discovered malicious packages. And cybersecurity leaders continue to tell us how difficult it is to audit and govern their use of open-source across their organization.
Protecting People, AI Assistants, and Codebases
To counter these threats, we are introducing new capabilities into Safety to detect malicious and vulnerable software packages before you install them, and integrating with your favorite AI assistants to ensure they write code that uses vulnerability-free packages.
Safety will do this by integrating directly with your existing package managers—initially PIP, Poetry, and UV—without changing the way they work or the commands you use. Each time you install a package, Safety will first check whether the package is malicious or vulnerable, and block or warn you before the package is installed. We’re calling this new capability Safety Firewall, and will begin rolling it out towards the end of March, and make it available to everyone by the end of April. To protect AI assistants, Safety will make its vulnerability data available via the Model Context Protocol (MCP) so that Claude-based assistants get context on safe packages and version ranges to use when writing code for you. We’re aiming to ship the first version of this in April.
We’re continuing to improve the way Safety secures your existing codebases. Earlier this year we introduced Safety Platform, which provides a web-based interface to browse your vulnerabilities and allows you to configure your Safety policies in the cloud. With the addition of the Firewall and MCP products, we’re adding capabilities to Platform to audit and govern your entire organization’s use of open-source software. We know that vulnerability noise is one of the biggest frustrations developers face in securing their codebases today. We’re actively working on ways to filter out vulnerabilities that aren’t reachable by your code.
Lastly, we’re investing heavily in improving the Data Engine that powers our vulnerability database (safety-db). We’re adding new sources of data, using AI to detect more vulnerabilities, and developing novel methods to detect malicious packages. Paul McCarty, who is well known for his research efforts in software supply chain security, has recently joined to lead our research team and these efforts into malicious package detection and advanced reachability analysis. We’re also excited to share that we’ll be using all of our experience in detecting Python vulnerabilities to do the same for Java and JavaScript — more news on that soon.
What’s Changing?
Let’s start with what’s not changing:
scan or check commands today, these will continue to be free and work in the same way as they have before, and will not collect any new information.
For our paid users, we will begin to make our new features available to you on an opt-in basis. If you choose not to use them, Safety will continue to work as it always has.
For new users to Safety, and paid users who decide to use our new features, Safety will send more information to Safety Platform. For example, if you run a scan on a codebase, the CLI will send a list of packages, detected vulnerabilities, and Git branch to Safety Platform so that you and your team can collaborate on fixing issues, or generate reports for compliance. Or if you install a package with Safety Firewall enabled, Safety will log the installation directory, package version and package manager you used, as well as relevant OS details so that you can easily remove the package if you later find out it is malicious.
To keep up with emerging security threats and other OSS risks, we expect to have to change other aspects of how Safety works in the future. When we do this, we’ll always look to make these changes in a non-breaking way—for both free and paid users—that doesn’t disrupt your existing use of Safety, and we will always announce clearly when any data sharing changes.
Conclusion
We’re excited about our plans to evolve Safety to address the changing threats in open-source security, and we hope you are too! We’re committed to making these changes in a way that continues to support the open-source community that relies on Safety. If you’ve got any feedback, questions, or concerns for us, please leave a comment on this announcement, or reach out to us directly at support@safetycli.com (we love hearing from you!).