PyPI Use HTTPS with remote repositories

ID

use_https_remote_repositories_pip

Severity

low

Family

Use HTTPS with remote repositories

Tags

asvs50-v13.1.1, asvs50-v15.2.1, reachable, spvs10-v1.4.4, spvs10-v2.8.1

Description

The access to remote repositories must be used with HTTPS protocol.

Security

If you use https protocol man-in-the-middle attacks can be avoided.

Examples

--index-url http://my-index-url.com/

Mitigation / Fix

You can remove the repositories from the configuration files or use HTTPS protocol if it is available.