Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Add logs and snapshots (virtual breakpoints) to live applications - without stopping them.
Lightrun is a developer-native observabity platform. It's a way to add logs, inspect the state of the current execution (in a familiar, debugger-like view), and extract any type of code-level metric on the fly - without redeploying, restarting or even stopping the running application.
Check out our docs to learn more.
To get started with Lightrun you'll need three things:
Once you've signed up for an account and downloaded the plugin, you can install the agent in your application.
In order to install the Lightrun Python Agent please follow these steps:
Install the python agent by running python -m pip install lightrun
.
Add the following code to the beginning of your main
function:
try:
import lightrun
lightrun.enable(company_key='<COMPANY_SECRET>')
except ImportError as e:
print("Error importing Lightrun: ", e)
You will have a <COMPANY-SECRET>
auto-generated for you during the onboarding process, right after signing up for an account.
python app.py
.You should see the application's agent popping up in the Lightrun Plugin's sidebar - you can now add logs, snapshots and metrics to your application.
You can optionally choose to provide the <COMPANY-SECRET>
as program argument.
To do so, run your application in the following way:
python -m lightrun --company_key='<COMAPNY-SECRET>' -- app.py
Notice - The method above won't work well with applications based on gunicorn
or any other multiprocessing libraries, as the debugger won't attach to the spawned sub-processes. Please use the import method instead.
In order to run a Django web server with the Lightrun agent please follow these steps:
python -m pip install lightrun
manage.py
file and run your Django application as you did normally before:try:
if os.environ.get('RUN_MAIN') or '--noreload' in sys.argv:
import lightrun
lightrun.enable(company_key='<COMAPNY-SECRET>')
except ImportError as e:
print("Error importing Lightrun: ", e)
In order to run a Flask web app with the Lightrun agent please follow these steps:
python -m pip install lightrun
init.py
or app.py
(the import shouldn't be added to a specific routed method, but to the main file code instead):try:
import lightrun
lightrun.enable(company_key='<COMAPNY-SECRET>')
except ImportError as e:
print("Error importing Lightrun: ", e)
# Example route
@app.route("/")
def hello_world():
return '<p>Hello world!</p>'
In order to run Lightrun for Python with Apache Airflow you'll need to decide which step of the DAG you'd like to debug. Choose one (or more) steps and:
python -m pip install lightrun
.@lightrun_airflow_task()
def operator_name():
# Operator code
Please note that the Lightrun free tier limits usage to one agent per user. In practice, note this means that each operator can be debugged individually, but you cannot debug multiple operators simultaneously.
FAQs
Add logs and snapshots (virtual breakpoints) to live applications - without stopping them.
We found that lightrun demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.