# Chainguard Libraries for Python

URL: https://edu.chainguard.dev/software-security/learning-labs/ll202506.md
Last Modified: June 25, 2025
Tags: Learning Labs, Chainguard Libraries, Python

Learning Lab for June 2025 on Chainguard Libraries for Python and Supply Chain Security

The June 2025 Learning Lab with Patrick Smyth covers Chainguard Libraries for Python. Open source libraries help you move fast, but pulling in external dependencies can introduce supply chain risk. This session covers fundamental concepts of Chainguard Libraries, package managers and dependencies, PyPI and build tools, configuring repository managers, and running example application builds.

## Sections

- 0:00 Introduction and welcome
- 0:54 Patrick Smyth introduction and background
- 1:47 Chainguard! Who are we?
- 2:47 Chainguard Containers and the “boss assigned me to fix Ubuntu” problem
- 4:12 Introduction to Chainguard Libraries for Python
- 5:04 Python libraries fundamentals - modules, packages, and libraries
- 6:34 The dependency graph problem and modern ecosystem challenges
- 8:57 PyPI (Python Package Index) overview and infrastructure
- 10:53 Supply chain attacks on the rise and threats to the Python ecosystem
- 11:39 Supply chain meme calendar - an attack every month this year
- 13:54 Anatomy of supply chain attacks and attack vectors
- 17:43 Chainguard Libraries!
- 19:34 Chainguard Factory overview and operational security
- 21:33 Case study: Ultralytics YOLO December 2024 attack
- 23:22 Technical caveats and requirements for Chainguard Libraries
- 25:06 Demo introduction and Flask project overview
- 27:48 Accessing demo materials on Chainguard Academy
- 29:00 Demo: Cloning and setting up the Flask project
- 31:17 Demo: Creating virtual environment and installing from PyPI
- 33:06 Demo: Running Flask application and testing with libCheck tool
- 34:28 Demo: Configuring pip for Chainguard Libraries via repository manager
- 36:19 Demo: Installing dependencies from Chainguard Libraries
- 37:02 Demo: Verification with libCheck
- 38:22 Demo: Containerizing the demo application
- 40:25 Demo: Building and running containerized Flask application
- 41:41 Additional configuration options and documentation resources
- 42:19 Q&A: Repository manager setup and configuration
- 43:26 Q&A: Architecture support and glibc requirements
- 44:34 Q&A: libCheck tool open source plans and detailed output
- 46:05 Q&A: CVE scanning with Grype and vulnerability management

## Demo

In the demo, Patrick switches a Flask application to use Chainguard Libraries for Python, sourcing dependencies from a repository manager (Artifactory) set up to pull first from the Chainguard Libraries for Python index with a fallback to the Python Package Index (PyPI).

Demo Flask Application

Patrick demonstrates two approaches. First, he modifies the `~/.pip/pip.conf` file to pull from the virtual repository set up in the repository manager:

```ini
[global]
index-url = <repository-url>
```

After changing this global setting, Patrick installs and runs the application from a virtual environment, then uses Chainguard’s libCheck tool to test the provenance of the packages in the virtual environment. Chainguard is in the process of releasing this tool under an open source license.

Patrick also updates the demo application’s `requirements.txt` file and builds and runs the application from a Chainguard Container.
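
A client-side check to go with the `pip.conf` change above, as an added example that is not from the Learning Lab or from Chainguard: it audits `pip.conf` text, the `PIP_INDEX_URL` and `PIP_EXTRA_INDEX_URL` environment variables, and index options in a requirements file, and reports any index that is not the repository manager. pip weighs candidates from every configured index together, so a stray `extra-index-url` sidesteps the ordering set up in the repository manager. The host `repo.example.internal`, the function name `audit_pip_sources` and the sample configs are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Hypothetical host: the page shows only <repository-url>, so this value is constructed.
APPROVED_HOST = "repo.example.internal"
REQ_FLAGS = {"--index-url": "index-url", "-i": "index-url",
             "--extra-index-url": "extra-index-url"}

def audit_pip_sources(conf_text, env=None, requirements_text="",
                      approved_host=APPROVED_HOST):
    """Return findings; an empty list means pip can only reach approved_host."""
    found = []  # (origin, option, url) for every index pip is told about
    parser = configparser.RawConfigParser()
    parser.read_string(conf_text)
    for section in parser.sections():
        for option in ("index-url", "extra-index-url"):
            if parser.has_option(section, option):
                for url in parser.get(section, option).split():
                    found.append((f"pip.conf [{section}]", option, url))
    # Environment variables override pip.conf, so they are audited too.
    for var, option in (("PIP_INDEX_URL", "index-url"),
                        ("PIP_EXTRA_INDEX_URL", "extra-index-url")):
        for url in (env or {}).get(var, "").split():
            found.append((f"env {var}", option, url))
    # A requirements file can carry its own index options.
    for lineno, line in enumerate(requirements_text.splitlines(), 1):
        tokens = line.split()
        if not tokens or not tokens[0].startswith("-"):
            continue
        flag, _, value = tokens[0].partition("=")
        url = value or (tokens[1] if len(tokens) > 1 else "")
        if flag in REQ_FLAGS and url:
            found.append((f"requirements line {lineno}", REQ_FLAGS[flag], url))
    findings = [f"{origin}: {option} points at {urlsplit(url).hostname}"
                for origin, option, url in found
                if urlsplit(url).hostname != approved_host]
    if not any(option == "index-url" for _, option, _ in found):
        findings.append("no index-url set: pip uses its default, https://pypi.org/simple")
    return findings

# Constructed samples, not taken from the demo.
GOOD_CONF = "[global]\nindex-url = https://repo.example.internal/pypi/python-virtual/simple\n"
BAD_CONF = GOOD_CONF + "extra-index-url = https://pypi.org/simple\n"

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF), ("empty", "")):
        print(name, audit_pip_sources(conf))
```
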

## Resource Links

- Slide deck
- Chainguard Libraries
- Chainguard Libraries documentation
- Chainguard Libraries for Python documentation
- Python global configuration
- Python build configuration
- Python Package Index (PyPI)
- pip documentation
- Python Packaging User Guide
- Cheese Must Stand: Defending the Python Library Ecosystem in 2025 at PyCon 2025
