New developers require a single, framework-independent resource to establish a baseline in secure coding practices.

Python is one of the most widely adopted programming languages in the world, powering everything from web applications and data pipelines to AI/ML systems and cloud infrastructure. Yet adequate secure coding resources for Python that meet the needs of new developers have not been available. The OpenSSF Secure Coding Guide for Python closes that gap by providing developers with a practical, example-driven resource for writing more secure Python code. The guide covers over 50 rules across 9 sections, each with working code examples that demonstrate both the vulnerability and its mitigation.

Why We Built This Guide

Comprehensive secure coding standards have long existed for languages like Java (SEI CERT Oracle Coding Standard for Java), C, and C++. For Python, the available resources were either high-level and language-agnostic, or tied to a single web framework. When onboarding new developers, we needed a baseline of secure coding knowledge that was framework-independent, covered core Python, and could serve as a self-study resource without requiring 40+ hours of training. Nothing like that existed, so we built it ourselves under the OpenSSF Best Practices Working Group.