Secure Software Supply Chains for Python


PyCon US via YouTube Direct link

Improvement: Package Signing

18 of 23



Classroom Contents


  1. Intro
  2. Secure Software Supply Chains for Python PyCon US 2021
  3. Developer Advocate @ Google • Director @ Python Software Foundation • Maintainer @ Python Package Index
  4. Software Supply Chain: Everything it takes to produce your software
  5. Secure Software Supply Chain: What is it?
  6. Supply Chain Attacks: Let's see some examples
  7. Supply Chain Attack: Man-in-the-middle
  8. Supply Chain Attack: Typosquatting
  9. Supply Chain Attack: Dependency Confusion
  10. Supply Chain Attack: Being a target of "research"
  11. Supply Chain Attack: Getting SolarWinded
  12. What we can do: HTTPS everywhere
  13. What we can do: Use lockfiles
  14. Version pins • Hashes X • Full dependency tree
  15. An underused workflow: Compiled Dependencies
  16. What can we prevent with lockfiles?
  17. What we can do: Vulnerability notifications
  18. Improvement: Package Signing
  19. Improvement: Fully audited/curated
  20. Improvement: The slow but inevitable death of setup.py
  21. Improvement: The Update Framework
  22. Improvement: Namespaces on PyPI
  23. Improvement: More funding for projects
