As Python developers, we depend on packages (and their dependencies) pulled from public repositories such as the Python Package Index (PyPI) to build our applications. Combined with other third-party code and our own proprietary code, PyPI-sourced components form a critical part of our software supply chain, a chain that is only as strong as its weakest link. To build robust software, we need to ensure that every link in that chain is secure and free of known vulnerabilities.

Fortunately, the Python Software Foundation recognizes the critical importance of software supply chain security. It is actively working to be a good steward of the PyPI ecosystem by undertaking several important initiatives, including:

- Adding two-factor authentication (2FA) and API tokens for PyPI accounts.
- Building a new dependency resolver for pip.
- Creating the Python Packaging Advisory Database.
- Integrating The Update Framework (TUF) into PyPI.

All of these initiatives are welcome additions, and they give organizations more ways to help ensure the security and integrity of the Python packages they work with. However, a number of common attacks remain unaddressed, including: