The Python ecosystem is under constant threat in 2025. Every month, a new high-profile set of malicious uploads to the Python Package Index is discovered. In December 2024, one of the most serious supply chain attacks in recent memory targeted the popular Ultralytics YOLO Python package. Supply chain threats such as repojacking, typosquatting, and slopsquatting are now endemic.
Complicating this picture, common infrastructure for running Python in production, such as the official Python container image, contains hundreds of known vulnerabilities. At time of writing, this includes 8 vulnerabilities rated critical and 115 rated high. These vulnerabilities in the Python runtime and OS stack are notably difficult for organizations to remediate — what we call the “boss assigned me to fix Ubuntu” problem.
In this webinar, we’ll explore practical ways to secure your Python workloads in 2025. We’ll cover supply chain fundamentals, including the CVE system. We’ll discuss and demo the state-of-the-art in scanning and signing and introduce the Sigstore and SLSA projects. We’ll cover recent efforts by the Python Package Index to secure their end of the supply chain. We’ll also dig into two solutions offered by Chainguard, Chainguard Containers and Chainguard Libraries, that can accelerate the Python supply chain journey at your organization.
In 2025, it’s not good enough to pip install and pray. The integrity of your Python production code is critical, and it’s time to take supply chain security as seriously as application security. No matter where you are in your software supply chain security journey, join us and take the security of your Python workloads to the next level.
