python
Safeguard articles tagged "python" — guides, analysis, and best practices for software supply chain and application security.
76 articles
Requests (Python) Security Guide (2026)
The Requests library is how most Python code talks HTTP — and a recurring class of credential-leak-on-redirect CVEs makes its version and config genuinely security-relevant.
FastAPI Security Best Practices: A 2026 Guide
FastAPI's type system catches a whole class of bugs for free, but async I/O, JWT handling, and dependency injection introduce risks that Pydantic will not save you from.
NumPy Security Guide (2026)
NumPy is the numerical foundation of the Python data ecosystem — and while many of its CVEs are disputed, the pickle-based numpy.load deserialization risk is real and worth understanding.
Flask Security Best Practices for 2026
Flask is minimal by design, which means the security decisions Django makes for you are decisions you own. Here is how to make them correctly.
Django Security Best Practices for 2026
Django ships with strong defaults, but misconfigured settings, raw ORM queries, and unpinned dependencies still cause real breaches. Here is the checklist that matters.
Auditing Python Dependencies with pip-audit: A Practical Guide
pip-audit is the PyPA-backed tool for scanning Python dependencies against the OSV and PyPI advisory databases. Here is how to run it well — and where it needs backup.
Python Code Review Tools: An Honest 2026 Buyer's Guide
A balanced look at the Python code review and static-analysis tools that actually matter in 2026 — Ruff, Bandit, Semgrep, CodeQL, SonarQube, and more — with honest tradeoffs and where Safeguard fits.
PyTorch Security Guide (2026)
PyTorch is the dominant deep-learning framework for research and production — and its torch.load remote-code-execution history makes loading a model checkpoint one of the most security-sensitive operations in modern ML.
TensorFlow Security Guide (2026)
TensorFlow is one of the most widely deployed machine-learning frameworks — and its history of model-deserialization RCE and crafted-tensor memory bugs makes its version and loading habits genuinely security-relevant.
Microsoft's durabletask PyPI Package Compromised (19 May 2026): A Linux Wiper and Multi-Cloud Credential Theft
On 19 May 2026, three malicious versions of Microsoft's durabletask PyPI package were uploaded in a 35-minute window. The payload steals AWS, Azure, GCP, and Kubernetes credentials in under four seconds and ships a locale-gated rm -rf wiper.
PyPI Trusted Publishing Token Leaks in 2025
Trusted Publishing made PyPI safer, but leaked short-lived OIDC tokens in CI logs kicked off a credential-replay campaign that PyPI, GitHub, and Sonatype all tracked in 2025.
Reachability Analysis for Python and pip in 2026
Python reachability is hard but useful: dynamic dispatch, monkey-patching, optional extras, and how modern tools handle real Django and FastAPI services.