# Install safety with Homebrew

Checks Python dependencies for known vulnerabilities and suggests remediations. Version 3.8.1 via Homebrew; verified 2026-05-30.

## Install

```sh
sudo av install brew:safety
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install safety
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:safety
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/safety>
- **Version:** 3.8.1
- **Source summary:** Checks Python dependencies for known vulnerabilities and suggests remediations
- **Homepage:** <https://safetycli.com/product/safety-cli>
- **Repository:** <https://github.com/pyupio/safety>
- **Upstream docs:** <https://docs.safetycli.com/safety-docs>
- **License:** MIT
- **Source archive:** <https://files.pythonhosted.org/packages/c2/7b/8e1d580c5178f0736b806b7199827e61e2a2569eec5b49ec75da6273bbdf/safety-3.8.1.tar.gz>
- **Last updated:** 2026-05-30T15:57:54Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- safety (cli)
- safety (alias)

## Dependencies

- certifi
- cryptography
- pydantic
- python@3.14

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.8.1
- Package-manager updated: 2026-05-30
- Local data: ok
- Upstream repository: https://safetycli.com/product/safety-cli
- info: Release/tag comparison is only available for GitHub repositories.

## Security Notes

No matching local secret-handling manifest was found for safety. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: .safety-policy.yml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** safety
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Language runtime packages](https://www.automicvault.com/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [sigstore](https://www.automicvault.com/pkg/brew/sigstore/) - Shares av.db curated category or tags: cli, python, security, software-supply-chain, supply-chain-security.
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [cosign](https://www.automicvault.com/pkg/brew/cosign/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [cyclonedx-python](https://www.automicvault.com/pkg/brew/cyclonedx-python/) - Shares av.db curated category or tags: cli, python, security, software-supply-chain.
- [gitsign](https://www.automicvault.com/pkg/brew/gitsign/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [gittuf](https://www.automicvault.com/pkg/brew/gittuf/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [grype](https://www.automicvault.com/pkg/brew/grype/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [notation](https://www.automicvault.com/pkg/brew/notation/) - Shares av.db curated category or tags: cli, security, software-supply-chain, supply-chain-security.
- [pip-audit](https://www.automicvault.com/pkg/brew/pip-audit/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, chain, cli, dependency, dependency-scanning.
- [snyk-agent-scan](https://www.automicvault.com/pkg/brew/snyk-agent-scan/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, cryptography, pydantic, python.

## Combined YAML source

View the package source record on GitHub. [combined/safety.yml](https://github.com/automic-vault/db/blob/main/combined/safety.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
