mgpy uses a layered security strategy: repository hygiene, build validation, runtime licensing and release verification reinforce one another rather than standing alone.
Key points
- CLI: On Windows the examples use the recommended py -3.12 -m <module> ... form (for example py -3.12 -m manifestguard ...). On Linux/macOS this usually maps to python3.12 -m ....
- Security does not stop at source code: it must also cover wheels, hooks, CI and local activation data.
- Inline suppressions are exception tools, not the standard workflow.
- A secure release path is only credible when local and CI checks cover the same risks.
Recommended mgpy workflow
- Review development, build and distribution concerns separately, then merge them into one release view.
- Run the pre-release check and security scan together before every release.
- Treat license status, artifact content and static findings as one approval package.
Quick start
invoke pre-release-check
invoke security-scan
py -3.12 -m manifestguard license status
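The three Quick start commands can be wrapped in one release gate that runs every check, keeps the output of each as evidence, and approves only when all of them pass, which is what "one approval package" means in practice. The script below is an added example, not part of mgpy or manifestguard. It assumes (the page does not say) that the two invoke tasks and the manifestguard license command report failure through a non-zero exit code; the launcher choice (py -3.12 on Windows, python3.12 elsewhere) follows the CLI note above.

```python
"""Release gate for the mgpy Quick start checks (added example, not project code).

Assumption: `invoke pre-release-check`, `invoke security-scan` and
`manifestguard license status` each exit non-zero on failure.
"""
import platform
import subprocess
import sys
from dataclasses import dataclass
from typing import Callable, Sequence


def python_launcher(system: str = platform.system()) -> list[str]:
    """Windows uses the py launcher; Linux/macOS usually map to python3.12."""
    if system == "Windows":
        return ["py", "-3.12"]
    return ["python3.12"]


def gate_commands(system: str = platform.system()) -> list[list[str]]:
    """The three checks that together form the approval package."""
    return [
        ["invoke", "pre-release-check"],
        ["invoke", "security-scan"],
        python_launcher(system) + ["-m", "manifestguard", "license", "status"],
    ]


@dataclass(frozen=True)
class CheckResult:
    command: tuple[str, ...]
    returncode: int
    output: str

    @property
    def passed(self) -> bool:
        # Assumption: exit code 0 means the check passed.
        return self.returncode == 0


Runner = Callable[[Sequence[str]], CheckResult]


def subprocess_runner(argv: Sequence[str]) -> CheckResult:
    """Real runner: capture stdout and stderr so the package keeps the evidence."""
    proc = subprocess.run(list(argv), capture_output=True, text=True)
    return CheckResult(tuple(argv), proc.returncode, proc.stdout + proc.stderr)


def run_release_gate(
    runner: Runner = subprocess_runner, system: str = platform.system()
) -> tuple[bool, list[CheckResult]]:
    """Run every check even after a failure, so all findings are visible at once;
    the release is approved only if every check passed."""
    results = [runner(cmd) for cmd in gate_commands(system)]
    return all(r.passed for r in results), results


def main() -> int:
    approved, results = run_release_gate()
    for r in results:
        print(f"[{'PASS' if r.passed else 'FAIL'}] {' '.join(r.command)}")
    print("release approved" if approved else "release blocked")
    return 0 if approved else 1


if __name__ == "__main__":
    sys.exit(main())
```

Because the gate is a single script with no environment-specific branches beyond the launcher, the same file can be run locally and as a CI step, which keeps the two sides checking the same risks. The runner is injectable so the gate logic can be exercised without invoke or manifestguard installed.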