Looking into best practice to secure Python development / deployment
We use the anaconda.com and python.org distributions of Python. Developers install packages from Anaconda channels and from pypi.org.
- What security risk is the firm exposed to by using this Python with the above package sources?
- What tools are available to scan for packages?
- What is the industry-recommended way to protect the firm from Python-related vulnerabilities?
- What processes should be put in place to mitigate security risks?
Snyk Python Security Guidelines Step by Step:
This guide is from snyk.io. They develop an in-code vulnerability fixer and a Python package advisor.