Explore best practices for securely consuming open source in Python in this 33-minute conference talk from EuroPython 2024. Delve into the Secure Supply Chain Consumption Framework (S2C2F) and its application to Python projects. Learn about implementing core principles and maturity levels of S2C2F, including dependency management with pip, artifact management, SBOMs, signatures, deny rules, forking policies, and automated security updates using Dependabot. Gain practical strategies to enhance the security of open-source consumption in Python development, addressing the growing prevalence of attacks targeting OSS. Walk away with actionable tips to know your OSS, prevent vulnerable package introduction, and maintain robust patch management for more secure Python projects.
Overview
Syllabus
Best practices for securely consuming open source in Python — Ciara Carey
Taught by
EuroPython Conference
Related Courses
-
Build community-driven software projects on GitHub
-
Secure Software Supply Chain Framework (S2C2F) Guide - OpenSSF SIG Meeting
-
Back to Security Basics: Evaluating, Consuming, and Contributing Open Source Software
-
Introduction to Open Source Application Development
-
Trusted Open Source Artifacts on the Blockchain - Introduction to Pyrsia
-
Manage Open Source, Security and SBOMs for Software Projects and Organizations
