// posts

A Patched Vulnerability in PyUp’s “Safety” Open-Source Command-Line Tool (CVE-2020-5252)

March 20, 2020

At PyUp, we take the security of our users and their systems very seriously. That’s why we are informing you right away about a vulnerability that one of our …


Finding security vulnerabilities in third party packages

March 26, 2018

Around a year and a half ago, we started building up a security database for third-party Python packages. This allows us to give users fine-grained control over what …


Analyzing Django requirement files on GitHub

June 08, 2017

Django is the most popular Python web framework. It is now almost 12 years old and is used on all kinds of different projects. From small to super large, from …


Pipfiles, pipenv and Docker

February 07, 2017

Exciting times in Python. With the recent introduction of Pipfiles and the new pipenv library it's time to rewrite our Dockerfiles to leverage all the goodness of modern Python packaging. …


Don't trust user input

January 24, 2017

While I was working on pyup.io's database for known security vulnerabilities, I manually reviewed thousands of changelogs and commits over a couple of weeks.

A lot of the security issues …
