Safety CLI

Advanced Vulnerability Scanning Powered by Industry-Leading Security Intelligence

Detect and fix vulnerable dependencies with the most comprehensive Python, Java, and JavaScript security scanner. It is backed by 4x more vulnerability data than public databases and integrates seamlessly into any development workflow.

End-to-end vulnerability scanning

Secure Your Supply Chain Before It's Compromised

In 2024 alone, over 500,000 malicious packages were detected - a 156% increase from the previous year. With attackers now weaponizing vulnerabilities within hours instead of months, unscanned dependencies pose an immediate risk to your systems. Safety CLI provides the essential visibility and protection you need against this rapidly evolving threat landscape.

Any Environment, Any Workflow

Deploy Safety CLI in seconds across development machines, CI/CD pipelines, and production systems.

Context-Aware Remediation

Stop wasting time on false positives. Safety CLI prioritizes vulnerabilities based on actual risk to your code, with precise reachability analysis and verified fix recommendations.

Unparalleled Security Intelligence

Safety CLI leverages our proprietary vulnerability database, detecting 4x more security issues than public sources. Every scan is backed by our team of security researchers and AI-powered analysis.

# Get started by installing Safety
pip install safety

# Authenticate your CLI
safety auth

# Navigate to your project
cd "python project"

# Run your first security scan
safety scan

Dependency vulnerabilities detected:

 jinja2==3.1.4 [1 vulnerability found]                            
 
A vulnerability in the Jinja compiler allows an attacker...

Update jinja2==3.1.4 to jinja2==3.1.5 to fix 1 vulnerability

View Scan Results: https://platform.safetycli.com/

Vulnerability Scanning

Security Beyond Public Vulnerability Databases

Safety CLI leverages our proprietary security intelligence to detect 4x more vulnerabilities than public databases. Our cybersecurity team proactively monitors package releases and code changes, with AI-powered analysis detecting vulnerability signals that others miss.

Scanning at every stage of development

Safety delivers real-time vulnerability detection across your dependency tree, from local development environments all the way through CI/CD and into production. Shift left and detect security threats as early in the development lifecycle as possible.

Expert-verified fixes and remediation steps

Safety's team of cybersecurity researchers monitors signals and changes in millions of open-source packages. We verify every fix to ensure our recommendations are accurate and include detailed technical advisories for every vulnerability.

$ safety scan
Safety 3.3.2 scanning
Project: get-safety
 Environment: development
 Scan policy: fetched from Safety Platform

Python detected. Found 4 Python requirements files
and 3 Python environments

Dependency vulnerabilities detected:
 jinja2==3.1.4 [1 vulnerability found]            
  -> Vuln ID 74735:


A vulnerability in the Jinja compiler allows...
Learn more: https://platform.safetycli.com    
Update jinja2==3.1.4 to jinja2==3.1.5 to fix 1 vulnerability
 
Tested 1236 dependencies for security issues using policy fetched from Safety Platform
1 vulnerabilities found, 3 ignored due to policy.
1 fixes suggested, resolving 1 vulnerabilities.

View Scan Results: https://platform.safetycli.com/register

FREE • NO ACCOUNT REQUIRED • 30 SECOND SETUP

Transform your AI assistant into your security ally in 30 seconds

AI assistants like Cursor, Windsurf, and Copilot have a major problem: they recommend outdated and vulnerable packages. Safety's MCP solves this with one simple integration.

PROBLEM & SOLUTION

The problem: your AI code assistant uses outdated and vulnerable packages

AI assistants like Cursor, Windsurf, and Copilot have a critical security blind spot: they can't identify outdated and vulnerable packages. Watch the difference Safety MCP makes.

Safety's MCP service solves this with one simple integration - providing real-time package intelligence to your AI assistant whenever it needs it.

PLATFORM SUPPORT

Works with your favorite AI coding tools

Safety MCP integrates seamlessly with all major AI coding assistants through the Model Context Protocol.
Don't see your tool? Safety MCP works with any application that supports the Model Context Protocol.

30 SECOND SETUP

Set up Safety MCP in 30 seconds

Free, no account needed. Just copy, paste, and start generating secure code immediately.

Cursor Setup

  1. Click the Settings icon in the top right corner.
  2. Select MCP from the left navigation.
  3. Click the "Add new global MCP server" button.
  4. Add the following to the mcp.json file:
{
 "mcpServers": {
   "safety-mcp": {
     "url": "https://mcp.safetycli.com/sse",
     "type": "sse",
     "headers": {
       "Authorization": "Bearer a24ed89c-cc30-4bd8-a03f-f2db2ccbf849"
     }
   }
 }
}
  5. Go back to Settings and click Rules, then input the following into User Rules:
- Every time you import a Python package or add a package to a requirements.txt or pyproject.toml, use the safety-mcp to check if the version you have chosen is secure and is the latest version of the package. Make sure you always use the latest_secure_version (returned by safety-mcp) for any package.

- If a package already exists in a codebase, and a user asks you to check it for vulnerabilities, use the safety-mcp and evaluate whether there are any secure versions in the same major version and acknowledge these options. Additionally, inform the user of the latest secure version of the package.

Windsurf Setup

Note: Safety MCP currently does not work with Claude 3.7 in Windsurf.

  1. Click the Settings icon in the top right corner.
  2. Select MCP from the left navigation.
  3. Click the "Add new global MCP server" button.
  4. Add the following to the mcp.json file:
{
 "mcpServers": {
   "safety-mcp": {
     "serverUrl": "https://mcp.safetycli.com/sse",
     "headers": {
       "Authorization": "Bearer a24ed89c-cc30-4bd8-a03f-f2db2ccbf849"
     }
   }
 }
}
- Every time you import a Python package or add a package to a requirements.txt or pyproject.toml, use the safety-mcp to check if the version you have chosen is secure and is the latest version of the package. Make sure you always use the latest_secure_version (returned by safety-mcp) for any package.

- If a package already exists in a codebase, and a user asks you to check it for vulnerabilities, use the safety-mcp and evaluate whether there are any secure versions in the same major version and acknowledge these options. Additionally, inform the user of the latest secure version of the package.

Copilot Setup

  1. Open VS Code settings (settings icon in bottom left corner) and click Settings.
  2. Search for "MCP".
  3. Click Edit in settings.json
  4. Paste the following and save the file:
{
 "chat.mcp.discovery.enabled": true,
 "mcp": {
   "inputs": [],
   "servers": {
     "safety-mcp": {
       "url": "https://mcp.safetycli.com/sse",
       "type": "sse",
       "headers": {
         "Authorization": "Bearer a24ed89c-cc30-4bd8-a03f-f2db2ccbf849"
       }
     }
   }
 }
}
  5. To use Safety MCP with Copilot, switch to agent mode.
  6. To configure Copilot instructions follow the steps on this page and add the following instructions:
- Every time you import a Python package or add a package to a requirements.txt or pyproject.toml, use the safety-mcp to check if the version you have chosen is secure and is the latest version of the package. Make sure you always use the latest_secure_version (returned by safety-mcp) for any package.

- If a package already exists in a codebase, and a user asks you to check it for vulnerabilities, use the safety-mcp and evaluate whether there are any secure versions in the same major version and acknowledge these options. Additionally, inform the user of the latest secure version of the package.

Claude Setup

  1. Click the Claude menu from the top menu bar in Mac.
  2. Click Settings.
  3. Select the Developer tab.
  4. Click Edit Config.
  5. Open the claude_desktop_config.json file in an editor of your choice.
  6. Add the following to your config:
{
 "mcpServers": {
   "safety-mcp": {
     "command": "uvx",
     "args": [
       "mcp-proxy",
       "https://mcp.safetycli.com/sse"
     ],
     "env": {
       "API_ACCESS_TOKEN": "Bearer a24ed89c-cc30-4bd8-a03f-f2db2ccbf849"
     }
   }
 }
}

Claude Code Setup

In your terminal run the following:

claude mcp add -t sse safety-mcp-sse https://mcp.safetycli.com/sse
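
The JSON configurations above put the server URL under three different keys depending on the client. The following check is an added example, not Safety's own code: it normalizes those layouts and reports any MCP server entry that does not use HTTPS or does not point at an approved host. The function names and the `ALLOWED_HOSTS` allowlist are assumptions made for this example.

```python
import json
from urllib.parse import urlparse

# Assumption: the only endpoint this page configures; extend for other approved servers.
ALLOWED_HOSTS = {"mcp.safetycli.com"}


def iter_servers(config):
    """Yield (name, entry) from both layouts on this page:
    top-level "mcpServers" (Cursor, Windsurf, Claude) and "mcp" -> "servers" (VS Code)."""
    yield from config.get("mcpServers", {}).items()
    yield from config.get("mcp", {}).get("servers", {}).items()


def server_url(entry):
    """Return the remote URL of an entry, whichever key the client uses."""
    for key in ("url", "serverUrl"):
        if key in entry:
            return entry[key]
    # Claude Desktop form: the URL is an argument to the local mcp-proxy command.
    for arg in entry.get("args", []):
        if isinstance(arg, str) and "://" in arg:
            return arg
    return None


def audit(config):
    """Return a list of (server_name, problem) for entries that fail the checks."""
    findings = []
    for name, entry in iter_servers(config):
        url = server_url(entry)
        if url is None:
            findings.append((name, "no remote URL found"))
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append((name, f"non-TLS scheme: {parsed.scheme}"))
        if parsed.hostname not in ALLOWED_HOSTS:
            findings.append((name, f"unapproved host: {parsed.hostname}"))
    return findings


# Constructed samples: a Cursor-style entry as on this page, and a tampered Windsurf-style one.
GOOD = json.loads('{"mcpServers": {"safety-mcp": {"url": "https://mcp.safetycli.com/sse", "type": "sse"}}}')
BAD = json.loads('{"mcpServers": {"safety-mcp": {"serverUrl": "http://mcp.safetycli.com.example.net/sse"}}}')

if __name__ == "__main__":
    print(audit(GOOD))
    print(audit(BAD))
```

An entry that only launches a local command has no URL and is reported as such, so review those entries by hand.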

Secure your supply chain in 60 seconds.
No sales calls, no complex setup.
Just instant protection.
