| Thu 20 November 2014 Alexis Tabary

Today introduces Site Monitoring, a security feature to check that the dependencies of the Python apps deployed on your production servers are up-to-date and secure. can already monitor the requirements of your projects from their source code. We expanded the API so that by adding two lines to your deployment scripts you can now check that your production apps are secure:

$ pip install -U
$ update-site -t $MY_SECRET_TOKEN -r $MY_REPO

Step-by-step Tutorial

In this small tutorial we will setup Site Monitoring for the project requires/myapp. This tutorial assumes that you already have an account on If you don't, just register!

1. Plan upgrade

First ensure that your plan support the Site Monitoring feature. This can be done from the settings page. In this case I need an Indie+ account.

Plan upgrade

2. Upgrade your deployment script

Go to the "monitoring" section of your settings. There you can just copy the necessary line. In this case it is: update-site -t 6ade5eb345d8a79ad69a9f868021e0210522aceb -r REPO

The token is valid for the account requires, so for the project requires/myapp we just need to replace REPO by myapp. update-site -t 62717a87341c8500d316bf52635a9e40ced04ace -r myapp

For an app deployed with a simple fabric script (using fabtools to handle the virtualenv), the resulting script would look similar to this:

with fabtools.python.virtualenv(virtualenv):
    run('pip install -r requirements.txt')
    run('pip install')
    run(' update-site -t 6ade5eb345d8a79ad69a9f868021e0210522aceb -r myapp')

Adapt for your own deployment scripts!

4. Check the result

Just go to your requirements page on you will see a new section called "Sites" in the right column.



Notifications for the Site Monitoring feature are coming very soon... notification system is being thoroughly updated, but it is not quite ready yet.


We are currently testing the Heroku app. So if you want to hook to your heroku account to use the Site Monitoring feature, let us know!

Boost Your Teams