Bernát GáborMar 12
Wrote down everything I wish I knew earlier about Python supply chain security. Hash pinning, pip-audit, SBOMs, trusted publishing — the whole thing. Enjoy 🐍🔒https://bernat.tech/posts/securing-python-supply-chain/
Defense in Depth: A Practical Guide to Python Supply Chain Security

A comprehensive guide to securing your Python dependencies from ingestion to deployment, covering linting, pinning, vulnerability scanning, SBOMs, and attestations

Bernát Gábor — Python packaging, tox, virtualenv & open source
Show threadEdgar Ramírez Mondragón 🦗
@gaborbernat thank you so much for sharing! This will definitely help me convince some folks to set up an internal package mirror 😁
Mar 15 at 2:32amWeb