Classroom Contents
Securing Python Projects Supply Chain
- 1 Intro
- 2 The real cost of a vulnerable supply chain
- 3 SolarWinds attack
- 4 Secure supply chain frameworks
- 5 Software signing
- 6 Vulnerability databases
- 7 Vulnerabilities and PyPI
- 8 PyPI and malicious packages
- 9 SBOMs and VEX
- 10 Python container images
- 11 Scanning for vulnerabilities in source code
- 12 Python community initiatives
- 13 PEP 458 & PEP 480
- 14 PEP 708: Extending the Repository API to Mitigate Dependency Confusion Attacks
- 15 PEP 710: Recording the provenance of installed packages
- 16 SLSA Supply-chain Levels for Software Artifacts
- 17 Graph for Understanding Artifact Composition