Safety Authentication in the shell #525

Open
akshitadixit opened this issue May 2, 2024 · 1 comment

@akshitadixit

  • safety version: 3.2.0
  • Python version: 3.9.6
  • Operating System: macOS

Description

I want to be able to use safety in my CI/CD pipeline, but if safety auth is going to return a clickable browser authentication URL, it will not be feasible. Is there any way to authenticate in the shell itself?

MichaIng added a commit to motioneye-project/motioneye that referenced this issue May 14, 2024
Safety "check" has been superseded by "scan": https://docs.safetycli.com/safety-docs/safety-cli-3/migrating-from-safety-cli-2.x-to-safety-cli-3.x#switching-to-the-new-scan-command
But it requires creating an account and authenticating. Until we decide whether we want to create a motionEye account for this, and when we know how to authenticate non-interactively, we stick with "check": pyupio/safety#525

Ignore disputed CVE-2018-20225. pip (intentionally) pulls the latest version of a module from PyPI, if an older version is available in "extra" indexes added via "extra-index-url" config/arg. If the module does not exist on PyPI at all, an attacker could upload one with the same name, injecting an unintended module into the user's project. This is of course naturally true when installing one module with multiple indexes, same as when installing an APT package with multiple APT repositories present. "extra"-index-url is not meant to override, but extend the indexes. To enforce a different index, and mitigate this potential risk for modules not uploaded to PyPI, use "index-url" arg/config instead.

Remove obsolete workaround.

Signed-off-by: MichaIng <micha@dietpi.com>
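
A CI check for the mitigation named in the commit message above (use "index-url" rather than "extra-index-url"), added here as an example that is not part of the original thread or of either project. The function names, host name and package name are assumptions made for illustration; the sample inputs are constructed.

```python
import configparser
import re

# "--extra-index-url URL" or "--extra-index-url=URL" at the start of a line.
_OPT = re.compile(r"^--extra-index-url(?:=|\s+)(\S+)")

def scan_requirements(text, source="requirements.txt"):
    """Return (source, line_number, url) for each --extra-index-url line."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].strip()  # drop a trailing comment
        match = _OPT.match(line)
        if match:
            findings.append((source, number, match.group(1)))
    return findings

def scan_pip_conf(text, source="pip.conf"):
    """Return (source, section, url) for each extra-index-url config value."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        value = parser.get(section, "extra-index-url", fallback="")
        findings.extend((source, section, url) for url in value.split())
    return findings

def scan_environ(environ):
    """Return findings for the PIP_EXTRA_INDEX_URL environment variable."""
    urls = environ.get("PIP_EXTRA_INDEX_URL", "").split()
    return [("env:PIP_EXTRA_INDEX_URL", None, url) for url in urls]

# Constructed sample inputs; host and package names are placeholders.
SAMPLE_REQUIREMENTS = """\
# constructed sample
--index-url https://pypi.org/simple
--extra-index-url https://pkgs.internal.example/simple  # private index
internal-utils==1.4.0
"""
WEAK_PIP_CONF = "[global]\nextra-index-url = https://pkgs.internal.example/simple\n"
FIXED_PIP_CONF = "[global]\nindex-url = https://pkgs.internal.example/simple\n"

if __name__ == "__main__":
    found = (scan_requirements(SAMPLE_REQUIREMENTS)
             + scan_pip_conf(WEAK_PIP_CONF) + scan_pip_conf(FIXED_PIP_CONF))
    for source, where, url in found:
        print(f"{source} [{where}]: extra index {url}; pin with index-url instead")
    raise SystemExit(1 if found else 0)
```

Run as a script it exits non-zero when any extra index is configured, so it can gate a pipeline step; `scan_environ(os.environ)` covers the environment-variable form.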
@MichaIng

The SAFETY_API_KEY environment variable seems to work, or using the --key= CLI option: https://docs.safetycli.com/safety-docs/support/invalid-api-key-error#using-the-safety-api-key-in-safety-cli
