I have completed my Python 3 application, and it is using multiple public modules from PyPI.
However, before I deploy it to run within my company's enterprise which will be handling credentials of our customers and accessing 3rd party APIs, I need to do due diligence that they are both secure and safe.
What steps must I perform:
- Validate the security of PyPI modules and that they are safe to use? It is important to note that the target Python 3 app will be handling credentials.
- What is the most recommended way to validate PyPI modules' signature?
- Can a PyPI module signature be trusted?
By the way, the Python 3 application will be running within a Docker container.
Thank you