Closed akshitadixit closed 3 days ago
The SAFETY_API_KEY environment variable seems to work, or using the --key= CLI option: https://docs.safetycli.com/safety-docs/support/invalid-api-key-error#using-the-safety-api-key-in-safety-cli
--key works with safety check not safety scan if I'm not mistaken.
Here is an example in the docs where it is used with safety scan: https://docs.safetycli.com/safety-docs/output/detecting-vulnerabilities-and-sharing-results-via-email#command
Also the variable must work, since it is used in the official GitHub Action with safety scan: https://github.com/pyupio/safety-action/blob/main/entrypoint.sh
--stage cicd likely makes sense as well, but I could not find a hint about exact effect of this. Probably it ignores the test environment and concentrates on the project (source code) and declared dependencies only, while otherwise it checks the current environment as well, interpreting it as the one the project is finally running in. Just an idea which somehow would make sense to me.
Thanks it's working now (I used --key=API_KEY not --key API_KEY). I had to add --stage cicd or I would get "Invalid value: 'api_key' auth type isn't allowed with the 'Stage.development' stage."
Okay, whatever this "development" stage shall be: Who is doing manual dependency vulnerability checks while coding? Documentation about all of this is missing, or not prominent enough, e.g. searching for stage in the docs does not lead to any other results than examples for --stage cicd usage.
So it is currently not possible to run safety scan without --stage cicd from a non-GUI console?
Thank you so much for the help, forgot to reply promptly, but it worked 🥳
Description
I want to be able to use safety in my CI/CD pipeline but if safety auth is going to return a clickable browser authentication url, it will not be feasible. Is there any way to authenticate in the shell itself?
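
The non-interactive setup the thread arrives at (API key plus `--stage cicd`), as an added example that is not part of the original posts or of the Safety project. `run_safety_scan` and `SAFETY_BIN` are hypothetical names; the sketch assumes `--stage` is accepted before the `scan` subcommand and that the key is stored as a CI secret exposed as `SAFETY_API_KEY`.

```shell
#!/bin/sh
# Added example: CI wrapper for the authentication approach discussed above.
# SAFETY_API_KEY and --stage cicd come from the thread; run_safety_scan and
# SAFETY_BIN are hypothetical names introduced for this sketch.

run_safety_scan() {
    # Stop with a clear error when the secret was never injected into
    # the job, before safety is invoked at all.
    if [ -z "${SAFETY_API_KEY:-}" ]; then
        echo "SAFETY_API_KEY is not set; define it as a CI secret" >&2
        return 2
    fi

    # Hand the key over through the environment rather than --key=...,
    # so it does not appear in the process list or in 'set -x' traces
    # that end up in build logs.
    export SAFETY_API_KEY

    # API-key auth is rejected in the default development stage (see the
    # error quoted in the thread), so the stage is set explicitly.
    # Extra arguments are forwarded to 'scan' unchanged, and the exit
    # status of safety becomes the status of this function.
    "${SAFETY_BIN:-safety}" --stage cicd scan "$@"
}

# Typical use in a pipeline step:
#   . ./safety-ci.sh && run_safety_scan
```
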