It seems that the new "safety scan" command requires creating an account and, in particular, logging in to that account when running it.
I find this unacceptable for a tool that claims to be free for the open source community.
In addition, it is not clear what data is sent by the "safety scan" command to the safety site through the account.
Third, this approach can create issues when people move on from an open source project but own a personal safety account that is used for that project and forget to transfer it.
Describe the ideal solution
"safety scan" does not require an account.
Alternatives and current workarounds
Workaround for us is to stick with the "safety check" command.
Additional context
No response
What I Did
$ safety scan --policy-file .safety-policy-develop.yml -r minimum-constraints-develop.txt
Please login or register Safety CLI (free forever) to scan and secure your projects with Safety
(R)egister for a free account in 30 seconds, or (L)ogin with an existing account to continue (R/L):
We appreciate your effort in reporting this. Our team will review it and get back to you soon.
If you have any additional details or updates, feel free to add them to this issue.
Note: If this is a serious security issue that could impact the security of Safety CLI users, please email [email protected] immediately.
+1, we used the safety check pre-commit hook, and switched to pip-audit due to this change. Using an account is unacceptable for us, particularly for CI workflows. Also, requiring login is very much not open source.
Checklist
Safety version
3.2.14
Python version
3.12.7
Operating System
macOS 14.7.2