Today requires.io introduces Site Monitoring, a security feature to check that the dependencies of the Python apps deployed on your production servers are up-to-date and secure.

Requires.io can already monitor the requirements of your projects from their source code. We expanded the API so that by adding two lines to your deployment scripts you can now check that your production apps are secure:

$ pip install -U requires.io $ requires.io update-site -t $MY_SECRET_TOKEN -r $MY_REPO

Step-by-step Tutorial In this small tutorial we will setup Site Monitoring for the project requires/myapp . This tutorial assumes that you already have an account on requires.io... If you don't, just register! 1. Plan upgrade First ensure that your plan support the Site Monitoring feature. This can be done from the settings page. In this case I need an Indie+ account. 2. Upgrade your deployment script Go to the "monitoring" section of your settings. There you can just copy the necessary line. In this case it is: requires.io update-site -t 6ade5eb345d8a79ad69a9f868021e0210522aceb -r REPO The token is valid for the account requires, so for the project requires/myapp we just need to replace REPO by myapp . requires.io update-site -t 62717a87341c8500d316bf52635a9e40ced04ace -r myapp For an app deployed with a simple fabric script (using fabtools to handle the virtualenv), the resulting script would look similar to this: with fabtools . python . virtualenv ( virtualenv ): run ( 'pip install -r requirements.txt' ) run ( 'pip install requires.io' ) run ( 'requires.io update-site -t 6ade5eb345d8a79ad69a9f868021e0210522aceb -r myapp' ) Adapt for your own deployment scripts! 4. Check the result Just go to your requirements page on requires.io: you will see a new section called "Sites" in the right column.

Notifications Notifications for the Site Monitoring feature are coming very soon... Requires.io notification system is being thoroughly updated, but it is not quite ready yet.