Today requires.io introduces Site Monitoring, a security feature to check that the dependencies of the Python apps deployed on your production servers are up-to-date and secure.
Requires.io can already monitor the requirements of your projects from their source code. We expanded the API so that by adding two lines to your deployment scripts you can now check that your production apps are secure:
$ pip install -U requires.io $ requires.io update-site -t $MY_SECRET_TOKEN -r $MY_REPO
In this small tutorial we will setup Site Monitoring for the project requires/myapp. This tutorial assumes that you already have an account on requires.io... If you don't, just register!
First ensure that your plan support the Site Monitoring feature. This can be done from the settings page. In this case I need an Indie+ account.
Go to the "monitoring" section of your settings. There you can just copy the necessary line. In this case it is:
requires.io update-site -t 6ade5eb345d8a79ad69a9f868021e0210522aceb -r REPO
The token is valid for the account requires, so for the project requires/myapp we just need to replace REPO by myapp.
requires.io update-site -t 62717a87341c8500d316bf52635a9e40ced04ace -r myapp
For an app deployed with a simple fabric script (using fabtools to handle the virtualenv), the resulting script would look similar to this:
with fabtools.python.virtualenv(virtualenv): run('pip install -r requirements.txt') run('pip install requires.io') run('requires.io update-site -t 6ade5eb345d8a79ad69a9f868021e0210522aceb -r myapp')
Adapt for your own deployment scripts!
Just go to your requirements page on requires.io: you will see a new section called "Sites" in the right column.
Notifications for the Site Monitoring feature are coming very soon... Requires.io notification system is being thoroughly updated, but it is not quite ready yet.
We are currently testing the requires.io Heroku app. So if you want to hook requires.io to your heroku account to use the Site Monitoring feature, let us know!