
Safeguarding the Python Supply Chain in 2025

The Python ecosystem is under constant threat in 2025. Each month, a new high-profile set of malicious uploads to the Python Package Index is discovered. In December 2024, one of the most severe supply chain attacks in recent memory targeted the popular Ultralytics YOLO Python package. Supply chain threats such as repojacking, typosquatting, and slopsquatting are now endemic.

Complicating this picture, common infrastructure for running Python in production, such as the official Python container image, contains hundreds of known vulnerabilities. At time of writing, this includes 8 vulnerabilities rated critical and 115 rated high. These vulnerabilities in the Python runtime and OS stack are particularly difficult for organizations to remediate, what we call the “boss assigned me to fix Ubuntu” problem.

In this webinar, we’ll explore practical ways to secure your Python workloads in 2025. We’ll cover supply chain basics, including the CVE system. We’ll discuss and demo the state of the art in scanning and signing and introduce the Sigstore and SLSA projects. We’ll cover recent efforts by the Python Package Index to secure their end of the supply chain. We’ll also dig into two solutions offered by Chainguard, Chainguard Containers and Chainguard Libraries, that can accelerate the Python supply chain journey at your organization.


In 2025, it is no longer sufficient to pip install and pray. The integrity of your Python production code is critical, and it’s time to take supply chain security as seriously as application security. No matter where you are in your software supply chain security journey, join us and take the security of your Python workloads to the next level.
