We've spoken previously about security and software supply chains and we are back at it this episode. We're diving in again with Charles Coggins. Charles works at a software supply chain company and is on to give us the insiders and defender's perspective on how to keep our Python apps and infrastructure safe.
Episode sponsors
Sentry Error Monitoring, Code TALKPYTHON
Mailtrap
Talk Python Courses
Links from the show
Series: How Malicious Python Code Gains Execution:
blog.phylum.ioPick a Python Lockfile and Improve Security:
blog.phylum.ioBad Beat Poetry:
blog.phylum.ioPEP 665 – A file format to list Python dependencies for reproducibility of an application:
peps.python.orgPEP 517 – A build-system independent format for source trees:
peps.python.orgPEP 518 – Specifying Minimum Build System Requirements for Python Projects:
peps.python.orgLockfiles should be committed on all projects:
classic.yarnpkg.comAn Overview of Software Supply Chain Security:
tldrsec.comTyposquatting:
docs.phylum.ioCommon Attack Pattern Enumeration and Classification:
capec.mitre.orgDependency Confusion:
docs.phylum.ioExpired Author Domains:
docs.phylum.ioUnverifiable Dependency:
docs.phylum.ioRepo Jacking: Hidden Danger in Broken Links:
blog.phylum.ioSoftware Libraries Are Terrifying:
medium.comphylum 0.43.0:
pypi.orglinguist:
github.comrich-codex ⚡️📖⚡️:
ewels.github.ioPhylum Community Discord:
discord.ggThe dream is dead?:
mastodon.socialWhen "Everything" Becomes Too Much: The npm Package Chaos of 2024:
socket.devpip-tools:
github.comWatch this episode on YouTube:
youtube.comEpisode transcripts:
talkpython.fm--- Stay in touch with us ---
Subscribe to us on YouTube:
youtube.comFollow Talk Python on Mastodon:
talkpythonFollow Michael on Mastodon:
mkennedy