Python Dependency Security at February 2022 IndyPy

February 11, 2022

The February 2022 edition of IndyPy — Indiana’s largest Python meetup, founded in 2007 by Six Feet Up CTO and Amazon Web Services (AWS) Community Hero Calvin Hendryx-Parker — featured Python Dependency Security. In his presentation, Justin Womersley, CEO of PyUp.io, discusses software supply chain security: what it is, why it's important, and how to do it right. Justin also addresses some of the gotchas and nuances of dependency management and security in the Python ecosystem.

As discussed at the Meetup, next-gen cyberattacks against open source tools jumped 650% last year, a figure that has caught the eye of federal authorities. Protecting your software supply chain starts with knowing what is in it. Every piece of software that you did not write, if it’s used to develop, test, deploy, distribute, monitor, maintain, or run a system, could be vulnerable.

“Just one line of code in any of these projects could leak really important data from your development machines or your supply chain machines,” Justin says.

Justin examines the pros and cons of several package management tools, specifically pip, pipenv, and Poetry, and shares a number of helpful security-related tidbits, such as:

Did you miss the presentation? Watch the recording and explore tidbits via @IndyPy’s live Twitter thread.

Links and Resources

Find Justin Womersley on GitHub: https://github.com/Jwomers
Learn more about Safety from PyUp: https://pyup.io/safety/
Detailed documentation for: