<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Python on</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/tags/python/</link><description>Recent content in Python on</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><lastBuildDate>Sun, 22 Jun 2025 17:00:00 +0000</lastBuildDate><atom:link href="https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/tags/python/index.xml" rel="self" type="application/rss+xml"/><item><title>Chainguard Libraries for Python overview</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/overview/</link><pubDate>Wed, 09 Apr 2025 04:00:00 +0000</pubDate><guid>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/overview/</guid><description>Introduction Chainguard Libraries for Python provides enhanced security for the vast Python ecosystem by rebuilding PyPI packages with comprehensive supply chain protection and automated patching. With over 600,000 packages on the Python Package Index (PyPI) serving application development, machine learning, and data science needs, Chainguard addresses the critical security challenges of depending on packages from untrusted sources by rebuilding them within the controlled Chainguard Factory environment. 
In addition, Chainguard eliminates security risk by remediating High and Critical vulnerabilities across older package versions where upstream maintainers are not able to prioritize fixes.</description></item><item><title>Global configuration</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/global-configuration/</link><pubDate>Tue, 25 Mar 2025 08:04:00 +0000</pubDate><guid>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/global-configuration/</guid><description>Python library consumption in a large organization is typically managed by a repository manager. Commonly used repository manager applications are Cloudsmith, JFrog Artifactory, and Sonatype Nexus Repository. The repository manager acts as a single point of access for developers and development tools to retrieve the required libraries.
At a high level, adopting the use of Chainguard Libraries consists of the following steps:
Add Chainguard Libraries as a remote repository for library retrieval.</description></item><item><title>Build configuration</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/build-configuration/</link><pubDate>Tue, 25 Mar 2025 08:04:00 +0000</pubDate><guid>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/build-configuration/</guid><description>The configuration for the use of Chainguard Libraries depends on how you&amp;rsquo;ve set up your build tools and CI/CD workflows. At a high level, adopting the use of Chainguard Libraries in your development, build, and deployment workflows involves the following steps:
If you or an administrator have not done so already, set up your organization&amp;rsquo;s repository manager to use Chainguard Libraries for Python. Log into your organization&amp;rsquo;s repository manager and retrieve credentials for the build tool you are configuring.</description></item><item><title>Management and maintenance</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/management/</link><pubDate>Tue, 25 Mar 2025 08:04:00 +0000</pubDate><guid>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/chainguard/libraries/python/management/</guid><description>Chainguard Libraries for Python operates transparently after completing the global configuration and build configuration, automatically providing security-enhanced versions of your PyPI dependencies. New packages and versions are retrieved from Chainguard&amp;rsquo;s hardened repository when available, while PyPI and other configured repositories provide fallback access to ensure continuous development workflow without interruption.
The following sections detail optional management, maintenance, and auditing steps on the repository manager and the build tool.
Source verification
You can verify what artifacts are retrieved from the Chainguard Libraries repository on a global level:</description></item><item><title>Chainguard Libraries for Python</title><link>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202506/</link><pubDate>Sun, 22 Jun 2025 17:00:00 +0000</pubDate><guid>https://deploy-preview-3176--ornate-narwhal-088216.netlify.app/software-security/learning-labs/ll202506/</guid><description>The June 2025 Learning Lab with Patrick Smyth covers Chainguard Libraries for Python. Open source libraries help you move fast, but pulling in external dependencies can introduce supply chain risk. This session covers fundamental concepts of Chainguard Libraries, package managers and dependencies, PyPI and build tools, configuring repository managers, and running example application builds.
Sections
0:00 Introduction and welcome
0:54 Patrick Smyth introduction and background
1:47 Chainguard! Who are we?
2:47 Chainguard Containers and the &amp;ldquo;boss assigned me to fix Ubuntu&amp;rdquo; problem
4:12 Introduction to Chainguard Libraries for Python
5:04 Python libraries fundamentals - modules, packages, and libraries
6:34 The dependency graph problem and modern ecosystem challenges
8:57 PyPI (Python Package Index) overview and infrastructure
10:53 Supply chain attacks on the rise and threats to the Python ecosystem
11:39 Supply chain meme calendar - an attack every month this year
13:54 Anatomy of supply chain attacks and attack vectors
17:43 Chainguard Libraries!</description></item></channel></rss>