Pipelines for Securing your Python Development Lifecycle

Reference Repository from my Talk of the same title: Pipelines for Securing your Python Development Lifecycle

Important files/directories


samples	Contains samples of things that will cause the pipelines to fail
.gitlab-ci.yml	GitLab CI Config
.github/workflows/security.yml	GitHub CI Config
Pipeline results	[GitLab \| GitHub]

Please feel free to fork this repo and try it yourself.

Running tools locally

All of these tools can be run locally as well

Try with uvx:

uvx bandit -x .venv -r .
uvx pip-audit -r samples/requirements.txt

Gitleaks

Install gitleaks
gitleaks git --verbose --redacted .

Have a play with the malicious yaml payloads

uv run samples/naughty_yaml.py

More reading and examples: YAML Deserialization Attack in Python

TODOs and Possible Enrichments

Share some other usefull scripts for CI

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
.github/workflows		.github/workflows
samples		samples
.gitignore		.gitignore
.gitlab-ci.yml		.gitlab-ci.yml
.python-version		.python-version
LICENSE		LICENSE
README.md		README.md
pyproject.toml		pyproject.toml
uv.lock		uv.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Pipelines for Securing your Python Development Lifecycle

Important files/directories

Running tools locally

Have a play with the malicious yaml payloads

TODOs and Possible Enrichments

About

Uh oh!

Packages

Uh oh!

License

iokiwi/python-security-pipelines

Folders and files

Latest commit

History

Repository files navigation

Pipelines for Securing your Python Development Lifecycle

Important files/directories

Running tools locally

Have a play with the malicious yaml payloads

TODOs and Possible Enrichments

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Packages 0

Uh oh!

Packages