Wrote down everything I wish I knew earlier about Python supply chain security. Hash pinning, pip-audit, SBOMs, trusted publishing — the whole thing. Enjoy 🐍🔒
https://bernat.tech/posts/securing-python-supply-chain/

Defense in Depth: A Practical Guide to Python Supply Chain Security
A comprehensive guide to securing your Python dependencies from ingestion to deployment, covering linting, pinning, vulnerability scanning, SBOMs, and attestations
Bernát Gábor - Engineering & Open Source