The Python ecosystem is under constant threat in 2025. Every month brings a new high-profile set of malicious uploads to Python package indexes. In December 2024, one of the most serious supply chain attacks in recent memory targeted the popular Ultralytics YOLO Python package. Supply chain threats such as repo jacking, typosquatting and slopsquatting are now endemic.
Complicating this picture, the common infrastructure for running Python, such as the official Python container images, contains hundreds of known vulnerabilities. At the time of writing, this includes 8 vulnerabilities rated critical and 115 rated high. These vulnerabilities in the Python runtime and OS stack are particularly difficult for organizations to remediate. The problem is "my boss told me to fix Ubuntu".
This webinar explores practical ways to protect your Python workloads in 2025. It covers supply chain fundamentals, including the CVE system. We discuss and demonstrate the state of the art in scanning, signing and attestation with the Sigstore and SLSA projects. We'll discuss recent efforts by the Python Package Index to secure its end of the supply chain. We also delve into two solutions provided by Chainguard, Chainguard Containers and Chainguard Libraries, that will accelerate your organization's Python supply chain journey.
In 2025, it's not enough to pip install and pray. The integrity of Python production code matters, and it's time to take supply chain security as seriously as application security. Wherever you are on your software supply chain security journey, join us and take your Python workload security to the next level.