Artefact Engineering and Data Science

Artefact is a tech company dedicated to solving data challenges by combining state-of-the-art Machine Learning and advanced software engineering. We leverage our business knowledge to deliver tailor-made solutions and bring value to our clients. www.artefact.com @ Artefact


How to secure your Python software supply chain

6 min read · Oct 28, 2021


Photo by Reproductive Health Supplies Coalition on Unsplash

Introduction

The supply chain concept applied to the Software Industry (source)

How to manage your dependencies in Python

pip install <my package>
pip install <my package> --extra-index-url <url internal index>
The process that pip follows when you use the --extra-index-url option
The process that pip follows illustrated with a simple example (icons by freepik and smashicons)

How to defend against these supply chain attacks

$ python3 -m venv my-env # create a new virtual environment
$ source my-env/bin/activate # activate it
$ pip install pip-tools==6.3.0 # install the package that will let you properly manage your dependencies
$ echo "sacremoses==0.0.46" >> requirements.in # add the package of your choice in requirements.in
$ pip-compile --generate-hashes # compiles requirements.txt with hashes based on what you put in requirements.in
Example of a requirements.txt file generated with pip-tools
pip install --require-hashes -r requirements.txt
pip install command documentation
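As an added example (not code from the article or from pip itself), the script below parses a hash-pinned requirements.txt in the layout pip-compile --generate-hashes writes and applies the rule pip enforces under --require-hashes: every requirement must carry at least one hash, and the SHA-256 of the downloaded artifact must match one of them. The package bytes and the second hash value are constructed for the demonstration.

```python
import hashlib
import re
# Constructed package contents standing in for two downloaded wheels (not the real PyPI files).
SACREMOSES_WHEEL = b"constructed bytes of sacremoses-0.0.46-py3-none-any.whl"
SIX_WHEEL = b"constructed bytes of six-1.16.0-py2.py3-none-any.whl"

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

# Constructed requirements.txt in the layout pip-compile --generate-hashes writes.
SAMPLE_REQUIREMENTS = "\n".join([
    "# This file is autogenerated by pip-compile",
    "sacremoses==0.0.46 \\",
    f"    --hash=sha256:{sha256_hex(SACREMOSES_WHEEL)} \\",
    "    --hash=sha256:" + "0" * 64,  # constructed digest of a second build (e.g. the sdist)
    "six==1.16.0    # no hashes pinned: --require-hashes refuses to install it",
])
REQ_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==([^\s\\#]+)")
HASH_RE = re.compile(r"--hash=(\w+):([0-9a-fA-F]+)")

def parse_requirements(text):
    """Return {name: {"version": ..., "hashes": {...}}}; joins pip-compile's backslash continuations, drops comments."""
    logical = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        if logical and logical[-1].endswith("\\"):
            logical[-1] = logical[-1][:-1] + " " + line.strip()  # continuation of the previous requirement
        else:
            logical.append(line)
    reqs = {}
    for line in logical:
        m = REQ_RE.match(line)
        if m:
            hashes = {f"{alg}:{hexval.lower()}" for alg, hexval in HASH_RE.findall(line)}
            reqs[m.group(1).lower()] = {"version": m.group(2), "hashes": hashes}
    return reqs

def verify(name, data, reqs):
    """--require-hashes rule: the package must be pinned, carry a hash, and the artifact digest must match one."""
    req = reqs.get(name.lower())
    if req is None:
        return False, "not pinned in requirements.txt"
    if not req["hashes"]:
        return False, "no --hash pinned"
    if "sha256:" + sha256_hex(data) in req["hashes"]:
        return True, "hash matches"
    return False, "hash mismatch: artifact differs from the pinned build"
```

A substituted package served from a different index fails the hash comparison even when its name and version match, which is exactly the property the pinned hashes buy you.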

Summary

Written by Benoît Goujon

Data engineer at Artefact. Python addict.
