Devconf.cz 2023

In 2023, the Python software development ecosystem and the community that supports it remain as vibrant as ever. Therefore Python developers, especially in a DevOps environment, have many resources they can use to write more secure tools and applications. We will discuss Python-specific security challenges such as secure Python package management and dependency resolution, and Python-specific ways to implement other security measures such as secrets management, static application security testing (SAST), basic network security practices, and instituting secure best practices in the codebase. We will provide a survey of community-supported and enterprise tools and services that support these practices, from pip-tools and Bandit to HashiCorp Vault and SonarQube. We will pay particular attention to how these practices and tools can be integrated into the work of teams using continuous integration and deployment (CI/CD).