Cheese Must Stand: Defending the Python Library Ecosystem in 2025

Sunday, May 18th, 2025 1:45 p.m.–2:15 p.m. in Room 301-305

Experience Level:

Some experience

Description

Supply chain attacks on Python package infrastructure increased in frequency and sophistication in 2024. As PyPI comes under threat, how can we continue to secure our beloved cheese shop through 2025?

The 600k packages in PyPI power sensitive infrastructure in almost every critical industry, and it's no surprise that the Python library ecosystem is a target. In 2024 alone, the Ultralytics token compromise and the NP6 combined typosquatting and DLL sideloading attack show the sophistication of these supply chain attacks.

In the first part of this talk (12 minutes), we'll look back at these 2024 attacks and also consider examples such as the "revival hijack" attack vector and the 2022 dependency confusion attack on PyTorch. In the second portion (12 minutes), we'll dig into some critical developments in this area that have helped to mitigate recent attacks, such as:

  • Provenance transparency logs using Sigstore
  • Progressive supply chain security levels with SLSA
  • Software Bills of Materials (SBOMs)
  • Artifact scanners such as Grype and Trivy

We will also briefly discuss specific insights from developing Chainguard’s Guarded Ecosystems for Python, an ambitious alternative package index that rebuilds included packages from scratch. The final takeaway: while mitigations exist for these threats, they're not equally distributed, and we'll point out low hanging fruit for securing projects and infrastructure (3 minutes).

This talk will be an accessible introduction to an intermediate topic (software supply chain security). Expect some cheesy puns and memes as we deal with this muenster problem—all in excellent taste, of course.

Patrick recently received the best speaker award at SwampUP 2024. Srishti and Patrick recently teamed up for PyTorch 2024.