I am new to a SOC team and have been given the task of checking Python packages from a security standpoint for any vulnerabilities, or whether a Python package is safe to install on our laptops or not. So, for example: if a user types `pip install numpy` in the Windows cmd to install the numpy library, what steps or checks can I perform to confirm that the installed package is safe and does not contain any vulnerabilities? Please help me on this.
- Does this answer your question? [How to vet third-party developer packages](/questions/261720/), [security reviews of third party code](/questions/64322/), [How am I ever going to be able to "vet" 120,000+ lines of Composer PHP code not written by me?](/questions/222457), [Which security measures does PyPI and similar third-party software repositories take?](/questions/79326/) – Steffen Ullrich Aug 06 '22 at 11:52
- Thanks a lot Steffen. These links are helpful and I will be able to take a lot of helpful points for my work. – Sujit_Singh Aug 07 '22 at 03:28
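One concrete check behind the question above, as an added example that is not part of the original post or any answer: pip itself supports hash-pinned requirements (`pip install --require-hashes -r requirements.txt`, with hashes produced by `pip hash` on a wheel fetched via `pip download`). The script below reproduces the two checks a reviewer would do by hand before approving a package: verify the downloaded wheel's SHA-256 against the pinned value, and compare the wheel's top-level contents with what the package is expected to ship. The wheel, the package name `demo_pkg` and the requirements line are all constructed here for the demonstration; nothing is fetched from PyPI.

```python
import hashlib
import io
import re
import zipfile
from typing import Dict, Set


def build_sample_wheel() -> bytes:
    """Constructed stand-in for a downloaded wheel (a wheel is a zip file).

    Fixed timestamps keep the bytes, and therefore the hash, reproducible.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in [
            ("demo_pkg/__init__.py", "VERSION = '1.0'\n"),
            ("demo_pkg-1.0.dist-info/METADATA", "Name: demo_pkg\nVersion: 1.0\n"),
            ("demo_pkg-1.0.dist-info/RECORD", ""),
        ]:
            info = zipfile.ZipInfo(name, date_time=(2022, 8, 6, 0, 0, 0))
            zf.writestr(info, body)
    return buf.getvalue()


# pip's own pin syntax: "name==version --hash=sha256:<hex>" (several hashes allowed)
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_pinned_hashes(requirements_text: str) -> Dict[str, Set[str]]:
    """Map each pinned package name to the set of SHA-256 values allowed for it."""
    pins: Dict[str, Set[str]] = {}
    for raw in requirements_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name = re.split(r"[=<>!~ ]", line, maxsplit=1)[0].lower()
        pins.setdefault(name, set()).update(HASH_RE.findall(line))
    return pins


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def wheel_matches_pin(name: str, wheel_bytes: bytes, pins: Dict[str, Set[str]]) -> bool:
    """True only if the wheel's hash is one of the hashes pinned for that package.

    A package with no pinned hash is treated as unverified, which is also
    what pip does under --require-hashes.
    """
    return sha256_of(wheel_bytes) in pins.get(name.lower(), set())


def wheel_top_level_members(wheel_bytes: bytes) -> Set[str]:
    """Top-level directories and files inside the wheel."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        return {n.split("/", 1)[0] for n in zf.namelist()}


def unexpected_members(wheel_bytes: bytes, expected: Set[str]) -> Set[str]:
    """Anything shipped in the wheel that the reviewer did not expect to see."""
    return wheel_top_level_members(wheel_bytes) - expected


if __name__ == "__main__":
    wheel = build_sample_wheel()
    # Constructed requirements line; in practice the hash comes from a reviewed, trusted source.
    reqs = f"demo_pkg==1.0 --hash=sha256:{sha256_of(wheel)}\n"
    pins = parse_pinned_hashes(reqs)
    print("hash ok:", wheel_matches_pin("demo_pkg", wheel, pins))
    print("unexpected:", unexpected_members(wheel, {"demo_pkg", "demo_pkg-1.0.dist-info"}))
```

The hash check only proves that the artifact is the one that was reviewed; it says nothing about whether that artifact is vulnerable, which is why the linked threads treat code review and advisory lookup as separate steps.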