The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub. As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub, …| JFrog
PyPI now has a new, improved way to report malware.| blog.pypi.org
A deeper dive into the remediation of the security audit findings for the cabotage project.| blog.pypi.org
GitHub will now scan public repositories' issues for PyPI API tokens, and will notify repository owners when they are found.| blog.pypi.org
Publishing to PyPI with a Trusted Publisher| docs.pypi.org