python
Safeguard articles tagged "python" — guides, analysis, and best practices for software supply chain and application security.
76 articles
Bandit for Python Security Linting: Getting Real Value From Static Analysis
Bandit scans Python code for security issues. Here is how to configure it so it catches real bugs without burying your team in false positives.
pip Install Hooks Security Risks: Code Execution During Package Installation
Running pip install can execute arbitrary code on your machine before you ever import the package. Here is how install hooks create risk.
PyPI Supply Chain Attacks: The ctx Package Compromise
The ctx package on PyPI was hijacked to steal environment variables from developer machines. The attack exploited an expired domain to take over a maintainer account — a novel and repeatable technique.
Python PyPI Malware Campaigns in 2021
Malicious packages on PyPI surged in 2021, targeting developers with credential stealers, backdoors, and data exfiltration. Here's what the campaigns look like and how to defend against them.