santa
pip
santa | pip | |
---|---|---|
20 | 108 | |
4,309 | 9,282 | |
0.4% | 0.6% | |
8.9 | 9.8 | |
9 days ago | 4 days ago | |
Objective-C | Python | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
santa
- Linux being secure is a common misconception
-
Unable to install ruby due to google santa
For anyone wondering: https://github.com/google/santa
-
Reporting on new installed applications
Have you looked at SANTA?
-
Remote Code Execution Vulnerability in Google They Are Not Willing to Fix
Not directly relevant but interesting...
https://github.com/google/santa
This is a product developed by Google that has at least been utilized internally to some extent. It's not perfect, but my previous company used it and it does prevent unexpected unknown code from running in the background.
What it does not do is prevent someone from intentionally downloading and executing a library unless the upvoter actually comes to some demand that you do so. I found that it quickly became a bit of a "alert fatigue" where you approve things your coworkers send you so they can get back to work without properly vetting.
-
is it possible to see what account made changes to the system?
If you really want to get draconian with your controls/logging have a look into https://github.com/google/santa
-
MacOS + MDM Policies (Privacy, Notifications, Native Apps)
Is your company open to adopting open source tooling? There is a tool called Santa that could be used to block binaries from executing.
- Possible to restrict which applications a user can install/execute?
-
On Oct 24th Apple will release macOS Ventura - Are you ready?
you may like https://github.com/google/santa
-
Uber Investigating Breach of Its Computer Systems
> Infostealers for Mac are a thing (Uber is a mac heavy shop I hear)
Block unknown executables on company machines. Google developed Santa to protect themselves: https://github.com/google/santa
> and that's all it takes to steal cookies and tokens post-mfa,
Make post-MFA cookies and tokens short-lived. Require MFA re-authentication at least daily.
> or why even bother with that, if you're running code just make it a reverse shell.
All outbound connections should be strictly monitored, especially from production servers, which should have no ability to make outbound connections. With modern dependency management, that's harder for build servers, but still doable.
-
What Anti-Keylogging Software do you use or recommend?
https://github.com/google/santa for anyone curious
pip
-
How to Create Virtual Environments in Python
Whenever you are working on a Python project that has external dependencies installed with pip, it is strongly recommended to first create a virtual environment.
-
Boring Python: dependency management (2022)
Unfortunately that feature is easy to break: https://github.com/pypa/pip/issues/9644
-
pip VS instld - a user suggested alternative
2 projects | 9 Dec 2023
-
sudo pip install should be illegal
I think I did my part https://github.com/pypa/pip/issues/6409
-
Can't seem to install Python YAML support
$ sudo pip install y$ sudo pip install yaml WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip. Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue. To avoid this problem you can invoke Python with '-m pip' instead of running pip directly. ERROR: Could not find a version that satisfies the requirement yaml (from versions: none) ERROR: No matching distribution found for yaml
-
Bun v0.6.0 – Bun's new JavaScript bundler and minifier
What are you implying will happen?
Using the build-in tools, you can save the exact versions of dependencies (i.e. a lock file) using "pip freeze >dependencies.txt". This should give you the exact same set of packages in two years' time.
If you want to be even more sure, you can also store hashes in the lock file. This has to be generated by a separate tools at the moment [1][2] but can be consumed by the built-in tools [3], so "pip install -r requirements.txt" is still all you need in two years' time.
[1] https://github.com/pypa/pip/issues/4732
[2] https://pip-tools.readthedocs.io/en/latest/#using-hashes
[3] https://pip.pypa.io/en/stable/topics/secure-installs/#hash-c...
-
My Goldilocks Python Setup: pyenv, pipx, and pip-tools
Here’s the issue, https://github.com/pypa/pip/issues/11664. I think the idea would be to have some file/json description of environment that could be passed to pip to allow it to fully cross compile. They are open to supporting it just needs contributor to be found to implement it and go through review/discussion.
-
Remote Code Execution Vulnerability in Google They Are Not Willing to Fix
To be fair the only alternative is fixing Python, and even then you still would have to wait a good 5 years at least for all the old Python versions to dwindle.
It doesn't look like the fixing effort is progressing very quickly: https://github.com/pypa/pip/issues/8606
To their credit, at least they didn't close it "works as intended" which I imagine a lot of projects would.
-
Pip 23.1 Released - Massive improvement to backtracking
Another good benchmark to trying to resolve apache-airflow[all]==1.10.13 using the state of PyPi on 2020-12-02, I give instructions here on how to reproduce that workflow: https://github.com/pypa/pip/issues/11836. Including a benchmark how how many extra packages your resolver should visit.
- will upgrading pip break things?
What are some alternatives?
sequelpro - MySQL/MariaDB database management for macOS
mamba - The Fast Cross-Platform Package Manager
macOSLAPS - Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
Poetry - Python packaging and dependency management made easy
macos_security - macOS Security Compliance Project
PDM - A modern Python package and dependency manager supporting the latest PEP standards
MacPass - A native macOS KeePass client
conda - A system-level, binary package and environment manager running on all major operating systems and platforms.
CocoaLumberjack - A fast & simple, yet powerful & flexible logging framework for macOS, iOS, tvOS and watchOS
pip-tools - A set of tools to keep your pinned Python dependencies fresh.
CIS-for-macOS-Catalina-CP - CIS Benchmarks for macOS Catalina
wheel - Adoption analysis of Python Wheels: https://pythonwheels.com/