ActiveState Blog

Python Artifact Repositories20220908132036

Python Artifact Repositories

Dana CraneLast Updated: October 19, 2022ActiveState Artifact Repository, artifact repository, curated Python catalog, Python Artifact Repository, supply chain security
Learn how to enable Dev and DevOps teams with secure, easily updatable Python wheels distributed via the ActiveState Artifact Repository....
Python Packages Execute Malicious Code Automatically20220902151643

Python Packages Execute Malicious Code Automatically

Dana CraneLast Updated: September 2, 2022python malware, Python supply chain security, setup.py, software supply chain security
Pip install and pip download can compromise your system with malware. Learn how you can counter this software supply chain threat....
What Are Supply Chain Levels for Software Artifacts (SLSA)?20220901091512

What Are Supply Chain Levels for Software Artifacts (SLSA)?

Nicole SchwartzLast Updated: October 19, 2022provenance, SLSA, software supply chain security, Supply chain levels for Software Artifacts
SLSA improves software supply chain security by providing a framework for sourcing and building software more securely. Learn how....
Securing the Ruby Software Supply Chain20220825120031

Securing the Ruby Software Supply Chain

Dana CraneLast Updated: August 25, 2022dependency confusion, ruby, ruby programming language, rubygems, secure build service, supply chain security, typosquatting
Securing your Ruby software supply chain from end to end means implementing import, build and usage controls. Learn how....
How Neural Networks Work20220818091235

How Neural Networks Work

Faith KilonziLast Updated: August 18, 2022convoluted neural networks, deep learning, image classification, machine learning, neural networks, python programming, saliency maps
Learn how to use saliency maps to understand which parts of a photo neural networks consider important when classifying images....
How to Manage Programming Language Upgrades and EOL20220811130311

How to Manage Programming Language Upgrades and EOL

Dana CraneLast Updated: August 11, 2022End of Life, EOL, EOL support, Open source programming languages, Programming language upgrades
Learn how to reduce the costs of upgrading open source languages, as well as best practices when a programming language becomes EOL....
GitHub Flooded with Malware20220808111356

GitHub Flooded with Malware

Dana CraneLast Updated: August 8, 2022dependency confusion, github, malware, supply chain security, typosquatting
GitHub becomes weakest link in the software supply chain. Learn what you can do about it....
Top 10 Malicious Package Scanners20220804153726

Top 10 Malicious Package Scanners

Mike MackroryLast Updated: August 4, 2022Black Duck, BluEye, dependency confusion, Loki, malware, Nexus Firewall, Pypi-scan, RetireJS, SonarQube, supply chain security, Tidelift, typosquatting, upguard
Learn the top tools for detecting malware & typosquatting as well as countering dependency confusion in open source dependencies....
How To Detect Typosquatting With Python20220728124251

How To Detect Typosquatting With Python

Vince PowerLast Updated: August 4, 2022artificial intelligence, machine learning, python programming, typosquatting, typosquatting detector
Learn how to detect typosquatted packages before you import them by following along with this Python ML tutorial....
How to Prevent Dependency Confusion20220721151717

How to Prevent Dependency Confusion

Dana CraneLast Updated: July 21, 2022dependency confusion, dependency vendoring, secure build service, supply chain security
Learn the simple best practices you can implement to mitigate the risk of dependency confusion supply chain attacks....