Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Learn to defend the Python package ecosystem against sophisticated supply chain attacks in this comprehensive conference talk from PyCon US. Examine the increasing frequency and sophistication of attacks targeting PyPI's 600,000 packages that power critical infrastructure across industries. Analyze real-world 2024 attacks including the Ultralytics token compromise and the NP6 combined typosquatting and DLL sideloading attack, alongside historical examples like revival hijack attacks and the 2022 PyTorch dependency confusion incident. Explore critical security developments and mitigation strategies including provenance transparency logs using Sigstore, progressive supply chain security levels with SLSA, Software Bills of Materials (SBOMs), and artifact scanners such as Grype and Trivy. Gain insights from Chainguard's Guarded Ecosystems for Python development, an alternative package index that rebuilds packages from scratch. Discover practical, low-hanging fruit solutions for securing Python projects and infrastructure, with accessible explanations suitable for intermediate-level understanding of software supply chain security concepts.
