Chainguard Libraries for Python

Learning Lab for June 2025 on Chainguard Libraries for Python and Supply Chain Security

The June 2025 Learning Lab with Patrick Smyth covers Chainguard Libraries for Python. Open source libraries help you move fast, but pulling in external dependencies can introduce supply chain risk. This session covers fundamental concepts of Chainguard Libraries, package managers and dependencies, PyPI and build tools, configuring repository managers, and running example application builds.

Event Details

Date: June 24, 2025
Time: 1:00 PM - 2:00 PM EDT
Presenter: Patrick Smyth, Staff Developer Relations Engineer at Chainguard

Topics

  • Software supply chain fundamentals
  • The Python ecosystem under threat
  • Package managers and dependencies in Python
  • PyPI and Python build tools
  • Configuring repository managers for Python
  • Running an example application on Libraries
  • Checking provenance of dependencies

Demo

In the demo, we switch a Flask application to use Chainguard Libraries for Python, sourcing dependencies from a repository manager (Artifactory) set up to pull first from the Chainguard Libraries for Python index with a fallback to the Python Package Index (PyPI).

Demo Flask Application

We demonstrate two approaches. First, we modify the ~/.pip/pip.conf file to pull from the virtual repository set up in the repository manager:

[global]
index-url = <repository-url>

After changing this global setting, we install and run the application from a virtual environment, then use Chainguard’s libCheck tool to test the provenance of the packages in the virtual environment. Chainguard is in the process of releasing this tool under an open source license.

We also update the demo application’s requirements.txt file and build and run the application from a Chainguard Container.
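The check below is an added example, not part of the demo or of Chainguard's tooling. It audits the contents of a pip.conf and a requirements.txt so that installs resolve only through the repository manager, where the Chainguard-first, PyPI-fallback ordering is enforced. The host name and sample file contents are constructed placeholders.

```python
import configparser
import re
from urllib.parse import urlsplit

# Assumption: placeholder host of the repository manager's virtual repository.
APPROVED_HOST = "artifactory.example.internal"
# Extra sources: pip picks the best version across all of them, bypassing server-side ordering.
EXTRA_SOURCES = {"extra-index-url", "--extra-index-url", "find-links", "--find-links", "-f"}
# Constructed sample: correct index-url, plus a direct PyPI source that bypasses it.
SAMPLE_CONF = "[global]\nindex-url = https://artifactory.example.internal/simple\nextra-index-url = https://pypi.org/simple\n"


def _approved(url, host):
    parts = urlsplit(url.strip())
    return parts.scheme == "https" and parts.hostname == host


def audit_pip_conf(text, host=APPROVED_HOST):
    """Return findings for the contents of a pip.conf file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings, has_index = [], False
    for section in parser.sections():
        for key, value in parser.items(section):
            key = key.replace("_", "-")  # pip accepts both spellings
            if key == "index-url":
                has_index = True
                if not _approved(value, host):
                    findings.append(f"[{section}] index-url is not the approved repository")
            elif key in EXTRA_SOURCES:
                findings.append(f"[{section}] {key} adds a source outside the repository manager")
    if not has_index:
        findings.append("no index-url in this file; pip would use its default index")
    return findings


def audit_requirements(text, host=APPROVED_HOST):
    """Return findings for index options embedded in a requirements file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = re.match(r"\s*(--?[A-Za-z-]+)(?:\s+|=)(\S+)", line)
        if match is None:
            continue
        option, value = match.groups()
        if option in ("-i", "--index-url") and not _approved(value, host):
            findings.append(f"line {lineno}: {option} is not the approved repository")
        elif option in EXTRA_SOURCES:
            findings.append(f"line {lineno}: {option} adds a source outside the repository manager")
    return findings
```

Running both functions in CI before the install step catches a client-side setting that would let a package resolve directly from PyPI instead of through the repository manager.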

Last updated: 2025-06-22 00:00