The chapter explores the risks and tactics used by threat actors in the realm of software supply chain security, including typo squatting and star jacking. It emphasizes the importance of specifying exact versions or hashes for package dependencies to mitigate vulnerabilities. Additionally, it discusses the implementation of security measures using tools like GitHub actions and Bilem to safeguard against malicious code in open-source software.
We've spoken previously about security and software supply chains and we are back at it this episode. We're diving in again with Charles Coggins. Charles works at a software supply chain company and is on to give us the insiders and defender's perspective on how to keep our Python apps and infrastructure safe.
Episode sponsors
Sentry Error Monitoring, Code TALKPYTHON
Mailtrap
Talk Python Courses
Links from the show