Enhancing Software Supply Chain Security with Open Source Python Tools
🔊 Recorded at PyCon DE & PyData 2025, April 23, 2025 https://2025.pycon.de/program/M98YBR/

🎓 As the EU Cyber Resilience Act transforms software security requirements, Python tools emerge as key enablers for supply chain transparency and vulnerability management.

Speakers: Anthony Harrison

Description: In this presentation, Anthony Harrison examines the critical role of software supply chain security in light of the EU Cyber Resilience Act (CRA). Harrison explores practical approaches to meeting CRA requirements using open source Python tools, with particular focus on Software Bills of Materials (SBOMs) and vulnerability management. The talk addresses two key CRA mandates: ensuring products are free from exploitable vulnerabilities and maintaining comprehensive software dependency documentation. Harrison demonstrates how SBOMs serve as essential artifacts for tracking software components, dependencies, and potential security risks throughout the product lifecycle. He presents several open source tools he has developed for SBOM generation and analysis, which support multiple formats including SPDX and CycloneDX. The presentation emphasizes the importance of consistent component naming, license identification, and vulnerability assessment processes. Harrison argues that effective vulnerability management requires not just detection but also proper analysis and documentation of exploitability. The talk concludes by highlighting how organizations must prepare for CRA compliance by implementing systematic approaches to software supply chain security, with particular attention to continuous monitoring and documentation of dependencies and vulnerabilities.

⭐️ About PyCon DE & PyData: The PyCon DE & PyData conference unites the Python, AI, and data science communities, offering a unique platform for collaboration and innovation.

The PyCon DE & PyData 2025 conference provided an exceptional experience, fostering deeper connections within the Python community while showcasing advancements in AI and data science. Attendees enjoyed a diverse and engaging program, solidifying the event as a highlight for Python and AI enthusiasts nationwide.

Follow us:
• LinkedIn: https://www.linkedin.com/company/28908640/
• X: https://www.x.com/pyconde

Links:
• Conference website: http://pycon.de
• Other sessions: https://2025.pycon.de/talks/

The conference is organized by
• Python Softwareverband e.V.: http://pysv.org
• NumFOCUS Inc.: http://numfocus.org
• Pioneers Hub gemeinnützige GmbH: http://pioneershub.org

If you enjoyed this session, please like, comment, and subscribe to our channel for more insightful talks and discussions. Share this video with your network to spread the knowledge!

Hashtags: #Python #PyConDE #PyData #OpenSource #AI #DataScience #MachineLearning #SoftwareDevelopment #LLMs #Community

Acknowledgements: Special thanks to all the volunteers and sponsors who made this event possible.

About:
Python Softwareverband e.V.: PySV is a non-profit that promotes the use and development of Python in Germany through events, education, and advocacy, fostering an open Python community.
NumFOCUS Inc. supports open-source scientific computing by providing financial and logistical support to key projects like NumPy and Jupyter, promoting sustainable development and collaboration.
Pioneers Hub gemeinnützige GmbH is a non-profit fostering innovation in AI and tech by connecting experts and promoting knowledge exchange through events and collaborative initiatives.