Tuesday, October 8, 2024

PyCon Taiwan 2024 Keynote

Below are my slides and a summary of my PyCon Taiwan 2024 keynote
titled “Bytes, Pipes, and People”. The video will likely be published to YouTube;
subscribe to the PyCon Taiwan YouTube channel to be notified when it is available.

Software security has historically been treated as an extra or “nice-to-have”,
not a core feature that users expect. This means we have accumulated
a lot of tech debt. Now there are increasing incentives and requirements
for producing secure software to meet user expectations.

Luckily for us, many of the tools, data, and systems already exist to
help us build a culture of security for Python. These tools help relay messages
between software creators and users so we can collaborate on this shared goal.

By actively participating you are starting the positive feedback loop of software security, making users safer faster!

Below is a list of actions that can be taken to build a culture of security for Python:

Maintainers

  • Adopt Trusted Publishers if you use GitHub Actions, GitLab CI/CD, Google Cloud Build, or ActiveState to publish Python packages.
  • Use lock files for the build and publish workflow, such as pip-tools, Poetry, or PDM.
  • Adopt a lightweight security policy. Don’t stress about CVEs: fix, release, publish a CVE.
  • Contribute new insecure code detections to Bandit.

Users

  • Update dependencies that have vulnerabilities. Prioritize projects that are connected to the internet.
  • Update software on a semi-regular basis to avoid out-of-date and end-of-life software. Staying up-to-date helps you upgrade to fixed versions in the future.
  • Run tests with PYTHONWARNINGS set so that DeprecationWarning and PendingDeprecationWarning are errors, to avoid missing deprecated features.
  • Create a secure open source usage policy, using verified data to evaluate open source projects. Don’t install new projects without checking your policy first.
  • If you need a Software Bill-of-Materials document there are tools available to generate one. These tools will improve over time from new Python package SBOM standards.
  • Add a vulnerability scanner like pip-audit, Grype, or Trivy.
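As an added example of the PYTHONWARNINGS item above (not code from the keynote or its slides): the filter string that promotes both deprecation categories to errors, applied to a child interpreter the way a CI job would apply it, plus an in-process equivalent for a test suite. The snippets and the `old_api` function are constructed stand-ins for real code paths.

```python
import os
import subprocess
import sys
import warnings

# PYTHONWARNINGS takes comma-separated entries of the form action::category.
# Only the two deprecation categories are escalated; other warnings still print.
PYTHONWARNINGS_VALUE = "error::DeprecationWarning,error::PendingDeprecationWarning"


def run_with_warnings_as_errors(code: str) -> int:
    """Run `code` in a child interpreter with PYTHONWARNINGS set as a CI job
    would, and return its exit status (0 = clean, 1 = uncaught exception)."""
    env = dict(os.environ, PYTHONWARNINGS=PYTHONWARNINGS_VALUE)
    proc = subprocess.run(
        [sys.executable, "-c", code], env=env, capture_output=True, text=True
    )
    return proc.returncode


def emits_deprecation(fn) -> bool:
    """In-process equivalent for a test suite (e.g. a conftest hook): returns
    True if calling `fn` raises once deprecation warnings become errors."""
    with warnings.catch_warnings():
        # PendingDeprecationWarning is not a subclass of DeprecationWarning,
        # so both filters are needed.
        warnings.simplefilter("error", DeprecationWarning)
        warnings.simplefilter("error", PendingDeprecationWarning)
        try:
            fn()
        except (DeprecationWarning, PendingDeprecationWarning):
            return True
    return False


# Constructed snippets standing in for a test suite's code paths.
DEPRECATED_SNIPPET = "import warnings; warnings.warn('old API', DeprecationWarning)"
PENDING_SNIPPET = "import warnings; warnings.warn('going away', PendingDeprecationWarning)"
OTHER_WARNING_SNIPPET = "import warnings; warnings.warn('just a note', UserWarning)"
CLEAN_SNIPPET = "print('no warnings here')"


def old_api():
    # Constructed stand-in for a library function slated for removal.
    warnings.warn("old_api() is deprecated", DeprecationWarning, stacklevel=2)


if __name__ == "__main__":
    for name, snippet in [("deprecated", DEPRECATED_SNIPPET), ("pending", PENDING_SNIPPET),
                          ("other", OTHER_WARNING_SNIPPET), ("clean", CLEAN_SNIPPET)]:
        print(name, "exit status:", run_with_warnings_as_errors(snippet))
    print("old_api emits deprecation:", emits_deprecation(old_api))
```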
