Consider adding pyupio/safety to the default pyproject.toml template

[ndejong]

Consider adding pyupio/safety to the default pyproject.toml

I'm finding that having safety as a part of my Slap tests helps me stay aware of possible issues with dependencies sooner in the development cycle, thus saving time (ie shift-left SecDevops language) - other Slap users may find this helpful too.

[tool.slap.test]
safety = "pip freeze | safety check --stdin --output bare"

Also - totally love Slap and it's evolution from Slam and Shut - keep the tool going, it massively helps in delivering awesome Python packages.

[NiklasRosenstein]

Hey @ndejong, I'm glad you enjoy Slap!

I think this is a good idea, I'll add it! :)

Is piping the output of pip freeze into safety any different from running safety check directly?

[NiklasRosenstein]

*Closed accidentally

[ndejong]

Pardon my slow getting back to this, missed your followup question

Yes, I've found that using safety = "safety check" will cause the full-system Python packages to be included which means you'll get alerts for package-items that are not part of the project you're working with.

Also, worth a mention - I've found that my suggested option --output bare produces very limited output which can make it tough to spot why a slap test fails. On reflection it might be better to keep the default (albeit rather verbose) safety output and leave the user/developer to adjust as they see fit.

Hence:-

[tool.slap.test]
safety = "pip freeze | safety check --stdin"