This chapter covers the key steps needed to secure the software supply chain, emphasizing restricting dependencies, using lock files, and continuously analyzing and monitoring new dependencies. It stresses the importance of preventing arbitrary code execution during installation and of using tools like Phylum to guard against malware introduced through malicious dependencies.
We've spoken previously about security and software supply chains, and we're back at it this episode. We're diving in again with Charles Coggins. Charles works at a software supply chain security company and joins us to give the insider's and defender's perspective on how to keep our Python apps and infrastructure safe.
Episode sponsors
Sentry Error Monitoring, Code TALKPYTHON
Mailtrap
Talk Python Courses
Links from the show