Python pip information.

The pip package manager with PyPI is tier 1.

Control | Status | Comments |
---|---|---|
Strong Authentication | Optional | |
MFA To Push Artifacts | No | |
Security Contacts | Yes | |
Packages Can Notify of Security Issues | ??? | |
Code package tied to source code | No | |
Update notifications | No | |
Code signing | ??? | |
Code analysis (static) | No | |
Code Dependency Analysis | No | safety |
Package Manager Does Not Run Code | No, it does | |
Package Manager Does Not Collect Info | ??? | |
Project Roles Guide | No | |
Project Roles Review | No | |
Account Level Library Tagging | No | |