Best Practices for Securely Consuming Open Source in Python

Explore best practices for securely consuming open source in Python in this 33-minute conference talk from EuroPython 2024. Delve into the Secure Supply Chain Consumption Framework (S2C2F) and its application to Python projects. Learn about implementing core principles and maturity levels of S2C2F, including dependency management with pip, artifact management, SBOMs, signatures, deny rules, forking policies, and automated security updates using Dependabot. Gain practical strategies to enhance the security of open-source consumption in Python development, addressing the growing prevalence of attacks targeting OSS. Walk away with actionable tips to know your OSS, prevent vulnerable package introduction, and maintain robust patch management for more secure Python projects.

Best practices for securely consuming open source in Python — Ciara Carey