
#97 - Shift Left, Get Hacked: Supply Chain Attacks Hit Devs
From The DevSecOps Talks Podcast by Mattias Hemmingsson, Julien Bisconti and Andrey Devyatkin
April 15, 2026 · 36 min · Episode 97
About this episode
The episode discusses the impact of supply chain attacks on developers and ways to enhance security in developer environments.
March 2026 made supply chain attacks feel a lot less theoretical, but what made these incidents different? The hosts discuss compromised publishing credentials, automatic execution hooks like post-install scripts and Python `.pth` files, and how both humans and security tools caught the malicious releases. They also talk through concrete ways to make developer environments harder to abuse. We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.DevSecOps Talks podcast LinkedIn pageDevSecOps Talks podcast websiteDevSecOps Talks podcast YouTube channel
People in this episode
Hosts: Mattias Hemmingsson, Julien Bisconti, Andrey Devyatkin
Topics covered
- supply chain attacks
- developer security
- malicious releases
- developer environments
- security tools
Keywords
- supply chain
- security
- developer
- malicious code
- Python
- security tools
- post-install scripts
Mentioned in this episode
Products: Python
More episodes of The DevSecOps Talks Podcast
- #102 - The 90-Day Patch Window Is Dead With Ian Amit And Matias Madou · June 5, 2026 · 51 min
- #101 - Infrastructure as Code in 2026: Still Essential or Already Changing? · June 4, 2026 · 38 min
- #100 - 100 Episodes Later: What Still Matters in DevSecOps · May 7, 2026 · 41 min
- #99 - AI SRE and the End of 3 AM On-Call · April 28, 2026 · 48 min
- #98 - Beyond AI SRE · April 21, 2026 · 37 min
- #96 - Keeping Platforms Simple and Fast with Joachim Hill-Grannec · April 1, 2026 · 49 min
Explore listener stats, chart rankings, contacts and more on the The DevSecOps Talks Podcast podcast page.