Safeguard
Tag

python

Safeguard articles tagged "python" — guides, analysis, and best practices for software supply chain and application security.

76 articles

Security Guides

Requests (Python) Security Guide (2026)

The Requests library is how most Python code talks HTTP — and a recurring class of credential-leak-on-redirect CVEs makes its version and config genuinely security-relevant.

Jul 3, 20266 min read
Security Guides

FastAPI Security Best Practices: A 2026 Guide

FastAPI's type system catches a whole class of bugs for free, but async I/O, JWT handling, and dependency injection introduce risks that Pydantic will not save you from.

Jul 2, 20265 min read
Security Guides

NumPy Security Guide (2026)

NumPy is the numerical foundation of the Python data ecosystem — and while many of its CVEs are disputed, the pickle-based numpy.load deserialization risk is real and worth understanding.

Jul 2, 20266 min read
Security Guides

Flask Security Best Practices for 2026

Flask is minimal by design, which means the security decisions Django makes for you are decisions you own. Here is how to make them correctly.

Jul 1, 20265 min read
Security Guides

Django Security Best Practices for 2026

Django ships with strong defaults, but misconfigured settings, raw ORM queries, and unpinned dependencies still cause real breaches. Here is the checklist that matters.

Jul 1, 20266 min read
Security Guides

Auditing Python Dependencies with pip-audit: A Practical Guide

pip-audit is the PyPA-backed tool for scanning Python dependencies against the OSV and PyPI advisory databases. Here is how to run it well — and where it needs backup.

Jul 1, 20265 min read
Buyer's Guides

Python Code Review Tools: An Honest 2026 Buyer's Guide

A balanced look at the Python code review and static-analysis tools that actually matter in 2026 — Ruff, Bandit, Semgrep, CodeQL, SonarQube, and more — with honest tradeoffs and where Safeguard fits.

Jul 1, 20267 min read
Security Guides

PyTorch Security Guide (2026)

PyTorch is the dominant deep-learning framework for research and production — and its torch.load remote-code-execution history makes loading a model checkpoint one of the most security-sensitive operations in modern ML.

Jul 1, 20266 min read
Security Guides

TensorFlow Security Guide (2026)

TensorFlow is one of the most widely deployed machine-learning frameworks — and its history of model-deserialization RCE and crafted-tensor memory bugs makes its version and loading habits genuinely security-relevant.

Jul 1, 20266 min read
Supply Chain Attacks

Microsoft's durabletask PyPI Package Compromised (19 May 2026): A Linux Wiper and Multi-Cloud Credential Theft

On 19 May 2026, three malicious versions of Microsoft's durabletask PyPI package were uploaded in a 35-minute window. The payload steals AWS, Azure, GCP, and Kubernetes credentials in under four seconds and ships a locale-gated rm -rf wiper.

May 20, 202610 min read
Incident Analysis

PyPI Trusted Publishing Token Leaks in 2025

Trusted Publishing made PyPI safer, but leaked short-lived OIDC tokens in CI logs kicked off a credential-replay campaign that PyPI, GitHub, and Sonatype all tracked in 2025.

Mar 19, 20268 min read
Application Security

Reachability Analysis for Python and pip in 2026

Python reachability is hard but useful: dynamic dispatch, monkey-patching, optional extras, and how modern tools handle real Django and FastAPI services.

Feb 26, 20266 min read
python (Page 3) — Safeguard Blog