#97 - Shift Left, Get Hacked: Supply Chain Attacks Hit Devs

#97 - Shift Left, Get Hacked: Supply Chain Attacks Hit Devs

From The DevSecOps Talks Podcast by Mattias Hemmingsson, Julien Bisconti and Andrey Devyatkin

April 15, 2026 · 36 min · Episode 97

About this episode

The episode discusses the impact of supply chain attacks on developers and ways to enhance security in developer environments.

March 2026 made supply chain attacks feel a lot less theoretical, but what made these incidents different? The hosts discuss compromised publishing credentials, automatic execution hooks like post-install scripts and Python `.pth` files, and how both humans and security tools caught the malicious releases. They also talk through concrete ways to make developer environments harder to abuse. We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.DevSecOps Talks podcast LinkedIn pageDevSecOps Talks podcast websiteDevSecOps Talks podcast YouTube channel

People in this episode

Hosts: Mattias Hemmingsson, Julien Bisconti, Andrey Devyatkin

Topics covered

  • supply chain attacks
  • developer security
  • malicious releases
  • developer environments
  • security tools

Keywords

  • supply chain
  • security
  • developer
  • malicious code
  • Python
  • security tools
  • post-install scripts

Mentioned in this episode

Products: Python

More episodes of The DevSecOps Talks Podcast

Explore listener stats, chart rankings, contacts and more on the The DevSecOps Talks Podcast podcast page.