Safety Authentication in the shell #525
Comments
Safety "check" has been superseded by "scan": https://docs.safetycli.com/safety-docs/safety-cli-3/migrating-from-safety-cli-2.x-to-safety-cli-3.x#switching-to-the-new-scan-command But it requires to create an account and authenticate. Until we decide whether we want to create a motionEye account for this, and when we know how to authenticate non-interactively, we stick with "check": pyupio/safety#525 Ignore disputed CVE-2018-20225. pip (intentioanlly) pulls the latest version of a module from PyPI, if an older version is available in "extra" indexes added via "extra-index-url" config/arg. If the module does not exist on PyPI at all, an attacker could upload one with the same name, injecting an unintended module into the user's project. This is of course naturally true when installing one module with multiple indexes, same as when installing an APT package with multiple APT repositories present. "extra"-index-url is not meant to override, but extend the indexes. To enforce a different index, and mitigate this potential risk for modules not uploaded to PyPI, use "index-url" arg/config instead. Remove obsolete workaround. Signed-off-by: MichaIng <[email protected]>
|
The |
Print motion path and version in debug log when detecting and when starting motion. Print error code when motion failed to start. Align variable names and avoid unused variables. Safety "check" has been superseded by "scan": https://docs.safetycli.com/safety-docs/safety-cli-3/migrating-from-safety-cli-2.x-to-safety-cli-3.x#switching-to-the-new-scan-command But it requires to create an account and authenticate. Until we decide whether we want to create a motionEye account for this, and when we know how to authenticate non-interactively, we stick with "check": pyupio/safety#525 Ignore disputed CVE-2018-20225. pip (intentioanlly) pulls the latest version of a module from PyPI, if an older version is available in "extra" indexes added via "extra-index-url" config/arg. If the module does not exist on PyPI at all, an attacker could upload one with the same name, injecting an unintended module into the user's project. This is of course naturally true when installing one module with multiple indexes, same as when installing an APT package with multiple APT repositories present. "extra"-index-url is not meant to override, but extend the indexes. To enforce a different index, and mitigate this potential risk for modules not uploaded to PyPI, use "index-url" arg/config instead. Remove obsolete workaround. Fix error log when ffmpeg executable could NOT print version. Add executable path to debug log. Quote motion executable path, which is not assured to work in shell without quotation. Align variable and structuring code comments. Signed-off-by: MichaIng <[email protected]>
|
--key works with safety check not safety scan if I'm not mistaken. |
|
Here is an example in the docs where it is used with Also the variable must work, sine it is used in the official GitHub Action with
|
|
Thanks it's working now (I used |
|
Okay, whatever this "development" stage shall be: Who is doing manual dependency vulnerability checks while coding? Documentation about all of this is missing, or not prominent enough, e.g. searching for So it is currently not possible to run |
|
Thank you so much for the help, forgot to reply promptly, but it worked 🥳 |
Description
I want to be able to use safety in my CI/CD pipeline but if safety auth is going to return a clickable browser authentication url, it will not be feasible. Is there any way to authenticate in the shell itself?
The text was updated successfully, but these errors were encountered: