Safeguard
Tag

python

Safeguard articles tagged "python" — guides, analysis, and best practices for software supply chain and application security.

76 articles

SBOM & Compliance

SLSA Build Provenance for Python Publish

Python packages on PyPI can carry SLSA provenance via PEP 740. Here is the publish workflow, the verification story, and the parts that still do not quite fit together.

Oct 15, 20247 min read
Supply Chain Security

Python Package Typosquatting in 2024: Scale, Tactics, and Defenses

Typosquatting on PyPI reached industrial scale in 2024, with attackers using automated tooling to register thousands of malicious package names targeting common misspellings of popular libraries.

Sep 8, 20246 min read
Best Practices

Pydantic v2 Security Implications

Pydantic v2 rewrote the core in Rust and changed validation semantics. Here is what that means for security-sensitive code, from input coercion to ReDoS exposure.

Jul 25, 20246 min read
Best Practices

FastAPI Supply Chain Security: A Working Guide

FastAPI's dependency surface is deceptively large. Here is how to lock it down in practice, covering Starlette, Pydantic, Uvicorn, and the plugins you likely missed.

Jul 5, 20246 min read
Application Security

FastAPI Security Best Practices

Securing FastAPI applications with Pydantic validation, OAuth2 integration, and dependency injection patterns.

May 22, 20244 min read
DevSecOps

Pants Build Tool Security Posture

A practitioner's view of the Pants build system's security properties, covering sandboxing, third-party resolution, and the Pants 2.x architecture.

May 18, 20247 min read
Open Source Security

Managing Python Package Namespace Conflicts

Python's flat namespace creates real security problems. Here is how namespace packages, shadowing, and install order interact, and how to avoid the surprises.

May 18, 20246 min read
Guides

How to Audit Python Dependencies with pip-audit (and What It Misses)

pip-audit checks your Python dependencies against the PyPA advisory database in one command. Here is how to run it well in CI, and the four gaps it leaves open.

Apr 26, 20246 min read
Open Source Security

PyPI Supply Chain Attacks: Q1 2024 Roundup

Q1 2024 brought typosquats, stealer campaigns, and a week-long new-user freeze on PyPI. Here is what the attacks looked like and how to defend.

Apr 22, 20245 min read
Best Practices

Django Security Best Practices, 2024 Edition

From SECRET_KEY hygiene to middleware ordering, the Django security checklist worth actually following in 2024, grounded in real CVEs and production incidents.

Apr 10, 20246 min read
Open Source Security

Poetry and Python Supply Chain Security

Poetry's lockfile is an asset. Its dependency resolver is a tradeoff. Here is how to run Poetry safely in a world of typosquats, dependency confusion, and unmaintained installers.

Feb 22, 20246 min read
Open Source Security

How to Verify a PyPI Package Before Install

A practical pre-install verification workflow for PyPI packages covering sigstore attestations, maintainer checks, and sdist auditing.

Dec 5, 20235 min read
python (Page 5) — Safeguard Blog