
"safety scan" requires an account and authentication #663

Open
1 task done
andy-maier opened this issue Jan 5, 2025 · 3 comments

andy-maier commented Jan 5, 2025

Checklist

Safety version

3.2.14

Python version

3.12.7

Operating System

macOS 14.7.2

Describe the problem you'd like to have solved

It seems that the new "safety scan" command requires creating an account and, in particular, logging in to the account when running it.

I find this unacceptable for a tool that claims to be free for the open source community.

In addition, it is not clear what data is sent by the "safety scan" command to the safety site through the account.

Third, this approach can create issues when people move on from an open source project but own a personal safety account that is used for that project and that they forget to transfer.

Describe the ideal solution

"safety scan" does not require an account.

Alternatives and current workarounds

Workaround for us is to stick with the "safety check" command.

Additional context

No response

What I Did

$ safety scan --policy-file .safety-policy-develop.yml -r minimum-constraints-develop.txt

Please login or register Safety CLI (free forever) to scan and secure your projects with Safety

(R)egister for a free account in 30 seconds, or (L)ogin with an existing account to continue (R/L): 

github-actions bot commented Jan 5, 2025

Hi @andy-maier, thank you for opening this issue!

We appreciate your effort in reporting this. Our team will review it and get back to you soon.
If you have any additional details or updates, feel free to add them to this issue.

Note: If this is a serious security issue that could impact the security of Safety CLI users, please email security@safetycli.com immediately.

Thank you for contributing to Safety CLI!


j-adamczyk commented Jan 12, 2025

+1, we used the safety check pre-commit hook, and switched to pip-audit due to this change. Using an account is unacceptable for us, particularly for a CI workflow. Also, requiring login is very much not open source.


nickste commented Jan 15, 2025

@andy-maier and @j-adamczyk we appreciate your feedback on this and understand your concerns. I'm working through some ideas on how we can best address this, and would really value being able to discuss this with you over a call. If you're willing to do so, please email me on nick@safetycli.com.
