{"id":78686,"date":"2022-08-26T06:00:00","date_gmt":"2022-08-26T10:00:00","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=78686"},"modified":"2026-01-26T16:34:51","modified_gmt":"2026-01-26T14:34:51","slug":"automatic-execution-of-code-upon-package-download-on-python-package-manager","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/","title":{"rendered":"Automatic Execution of Code Upon Package Download on Python Package Manager"},"content":{"rendered":"<p><strong>Automatic code execution is triggered upon downloading approximately one third of the packages on PyPi.<\/strong><\/p>\n<p>A worrying feature in pip\/PyPi allows code to run automatically when developers are merely downloading a package. This is all the more alarming because a great deal of the malicious packages we are finding in the wild rely on code execution upon installation to achieve higher infection rates.<\/p>\n<p>It is important that Python developers understand that merely downloading a package can expose them to an increased risk of a supply chain attack.<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">Intro<\/h2>\n<p>When executing the well-known \u201cpip install &lt;package_name&gt;\u201d command, users may expect code to run on their machine as part of the installation process. One common source of such code is the setup.py file of Python packages.<\/p>\n<p>When a Python package is installed, pip, Python\u2019s package manager, tries to collect and process the package\u2019s metadata, such as its version and the dependencies it needs in order to work properly. 
This process occurs automatically in the background: pip runs the main <strong>setup.py<\/strong> script that ships as part of the package structure.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/carbon-990x1024-1.png\" alt=\"\"><\/figure>\n<p><em>setup.py example<\/em><\/p>\n<p>The purpose of <strong>setup.py<\/strong> is to provide a data structure that tells the package manager how to handle the package.<\/p>\n<p>However, the <strong>setup.py<\/strong> file is still a regular Python script that can contain any code the package developer chooses to put in it. An attacker who understands this process can plant malicious code in the <strong>setup.py<\/strong> file, and it will then execute automatically during the package\u2019s installation. In fact, many of the malicious packages we are detecting carry their malicious code in the <strong>setup.py<\/strong> file.<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">What if we just download the package rather than install it?<\/h2>\n<p>In addition to the \u201cinstall\u201d command, pip provides several more commands, among them \u201cdownload\u201d. This command is intended to let users download a package\u2019s files without installing them.<\/p>\n<p>There are various reasons someone might need this. For example, a developer may want to look into the package\u2019s code before using it. 
A user may want or need to perform a security check, or perhaps inspect the setup.py file for anomalies.<\/p>\n<p>As it turns out, executing the command \u201c<em>pip download &lt;package_name&gt;<\/em>\u201d will run the <strong>setup.py<\/strong> file, along with any potentially malicious code contained within it. It may surprise you, but this behavior is not a bug but a feature of the pip design. Users who intentionally only download a package do not expect code to run on their system automatically.<\/p>\n<p>As a matter of fact, this concern was raised in an issue from 2014 on the pypa project, <a href=\"https:\/\/github.com\/pypa\/pip\/issues\/1884\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/github.com\/pypa\/pip\/issues\/1884<\/a>, yet it was not addressed, and the behavior persists to this day.<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">The .whl file type<\/h2>\n<p>Python wheels are <strong>.whl<\/strong> files that are part of the Python ecosystem and bring various performance benefits to the package installation process. But that is not the only thing wheels bring to the table. In the past, when Python code was built into a package, the result was a <strong>tar.gz<\/strong> file that would then be published to the PyPi platform. <strong>tar.gz<\/strong> files include the <strong>setup.py<\/strong> file, which is run upon download and installation.<\/p>\n<p>But suppose you&#8217;ve recently tried downloading or installing a Python package using <a href=\"https:\/\/realpython.com\/what-is-pip\/\">pip<\/a>. In that case, you may have noticed Python supplying you with a <strong>.whl<\/strong> file. 
The reason is that when developers build a Python package using, for example, the <em>&#8220;<strong>pip -m build<\/strong>&#8221;<\/em> command, newer pip versions automatically try to create a secondary <strong>.whl<\/strong> file in addition to the <strong>tar.gz<\/strong> file, and both are then published together to the Python package manager platform. When a user downloads or installs this package, pip will by default deliver the <strong>.whl<\/strong> file to the user&#8217;s machine. The way wheels work cuts the <strong>setup.py<\/strong> execution out of the equation.<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\">Why is the setup.py still relevant?<\/h2>\n<p>Even though pip defaults to using wheels instead of <strong>tar.gz<\/strong> files, malicious actors can still intentionally publish Python packages without a <strong>.whl<\/strong> file. When a user downloads a Python package from PyPi, pip will preferentially use the <strong>.whl<\/strong> file, but will fall back to the <strong>tar.gz<\/strong> file if no <strong>.whl<\/strong> file is available.<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\">Is there anything you can do about this?<\/h2>\n<p>Currently, there are actions users can take to prevent automatic execution upon package download. One is to check the package file contents at <strong>https:\/\/pypi.org\/project\/&lt;package&gt;\/#files<\/strong> and see whether a <strong>.whl<\/strong> file is present. 
If there is a <strong>.whl<\/strong> file, the user can be confident they will receive the .whl file and that no code will be executed on their machine.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Group-2433-1.png\" alt=\"\"><\/figure>\n<p>If <strong>only<\/strong> a <strong>tar.gz<\/strong> is present, a user can use a safe download method such as working directly with PyPi&#8217;s &#8220;simple&#8221; API: <a href=\"https:\/\/pypi.org\/simple\/%3cpackage-name%3e\/\">https:\/\/pypi.org\/simple\/&lt;package-name&gt;\/<\/a>. For example, for the package shown above, prp1, a user can download it from the following link: <a href=\"https:\/\/pypi.org\/simple\/prp1\/\">https:\/\/pypi.org\/simple\/prp1\/<\/a>.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Picture1-2-1.png\" alt=\"\" width=\"666\" height=\"296\"><\/figure>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\">Conclusion<\/h2>\n<p>Code execution upon installation is one of the features attackers use most in open-source attacks. Developers opting to download packages instead of installing them reasonably expect that no code will run on their machine when the files are downloaded. 
However, PyPi includes a feature allowing just that\u2014code execution on the user\u2019s machine when all that was requested was a file download.<\/p>\n<p>It is possible to protect yourself from suspicious packages by following the steps detailed above.<\/p>\n<p>As always, we are releasing blogs like this one to help keep the open-source ecosystem safe and raise awareness of this issue among Python developers so they can avoid unwanted consequences.<\/p>\n<hr>\n<p>To learn more about how Checkmarx is helping secure the open-source software supply chain, download our white paper: <a href=\"https:\/\/info.checkmarx.com\/dont-take-code-from-strangers2\" target=\"_blank\" rel=\"noreferrer noopener\">Don\u2019t Take Code from Strangers \u2013 An Introduction to Checkmarx Supply Chain Security<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Automatic code execution is triggered upon downloading approximately one third of the packages on PyPi. A worrying feature in pip\/PyPi allows code to automatically run when developers are merely downloading a package. 
Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild [&hellip;]<\/p>\n","protected":false},"author":66,"featured_media":79359,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84],"tags":[87,189,395,406,397,190,403,188,385],"class_list":["post-78686","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-appsec","tag-article","tag-awareness","tag-checkmarx-application-security-platform","tag-developer","tag-english","tag-leadership","tag-open-source-security","tag-supply-chain-security"],"acf":[],"yoast_head_json":{"title":"Automatic Execution of Code Upon Package Download on Python Package Manager - Checkmarx.com","description":"A worrying feature in pip\/PyPi allows code to automatically run when developers are merely downloading a package. 
Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/","og_locale":"en_US","og_type":"article","og_title":"Automatic Execution of Code Upon Package Download on Python Package Manager","og_description":"A worrying feature in pip\/PyPi allows code to automatically run when developers are merely downloading a package. Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates.","og_url":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2022-08-26T10:00:00+00:00","article_modified_time":"2026-01-26T14:34:51+00:00","og_image":[{"width":1134,"height":623,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/thumbnail-option-e1663349748796.png","type":"image\/png"}],"author":"Yehuda Gelb","twitter_card":"summary_large_image","twitter_title":"Automatic Execution of Code Upon Package Download on Python Package Manager","twitter_description":"A worrying feature in pip\/PyPi allows code to automatically run when developers are merely downloading a package. 
Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates.","twitter_image":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/thumbnail-option-e1663349748796.png","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Yehuda Gelb","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/"},"author":{"name":"Yehuda Gelb","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/ffc149f6ac6a01fc7fcb526a7accda8b"},"headline":"Automatic Execution of Code Upon Package Download on Python Package Manager","datePublished":"2022-08-26T10:00:00+00:00","dateModified":"2026-01-26T14:34:51+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/"},"wordCount":1038,"commentCount":0,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_python_automatic-execution.jpg","keywords":["AppSec","Article","Awareness","Checkmarx Application Security Platform","Developer","English","Leadership","Open-Source 
Security","SSCS"],"articleSection":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/","url":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/","name":"Automatic Execution of Code Upon Package Download on Python Package Manager - Checkmarx.com","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_python_automatic-execution.jpg","datePublished":"2022-08-26T10:00:00+00:00","dateModified":"2026-01-26T14:34:51+00:00","description":"A worrying feature in pip\/PyPi allows code to automatically run when developers are merely downloading a package. 
Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/automatic-execution-of-code-upon-package-download-on-python-package-manager\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_python_automatic-execution.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/08\/Blog_python_automatic-execution.jpg","width":1600,"height":793},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/compa
ny\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/ffc149f6ac6a01fc7fcb526a7accda8b","name":"Yehuda Gelb","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_66.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_66.jpg","caption":"Yehuda Gelb"},"url":"https:\/\/checkmarx.com\/author\/yehudagelb\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/78686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/66"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=78686"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/78686\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/79359"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=78686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=78686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=78686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}