The OpenSSF has released the first version of the Secure Coding Guide for Python (pyscg), a framework-independent, open source resource targeting CPython ≥ 3.9. The guide covers 50+ rules across 9 sections, including input neutralization, OS command injection, SQL injection, deserialization, concurrency, cryptography, and logging. Each rule pairs a non-compliant code example that demonstrates the weakness with a compliant example that shows the fix, and maps the rule to MITRE CWE entries and real-world CVEs, each with CVSS and EPSS scores, for evidence-based risk assessment. The guide is designed as a self-study resource for new developers, but it also serves security researchers, educators, and AI and static analysis tooling. It is available on GitHub under a CC-BY-4.0 license, and community contributions are welcome.

From openssf.org