Tag
wheels
Safeguard articles tagged "wheels" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Engineering
Python Wheels vs Source Distributions: Security Implications
Installing an sdist runs someone else's code on your machine; installing a wheel doesn't. That one difference drives most PyPI malware — and most of the right defenses.
Nov 27, 20246 min read
DevSecOps
Signing Python Wheels in Production
PyPI supports attestations now. Here is how to actually sign Python wheels in a CI pipeline, verify them at install time, and deal with the rough edges.
Nov 12, 20246 min read
Software Supply Chain Security
Python Wheel Security Verification: What You Are Missing
Python wheels are the standard packaging format, but their security verification story has significant gaps that most developers never consider.
Jul 22, 20235 min read