Skip to main content

Mastering Python virtual environments: A complete guide to venv, Docker, and securing your code

Écrit par:
blog-feature-snyk-container-custom-base-image-recommendations

10 janvier 2024

0 minutes de lecture

Python, as a versatile and widely used programming language, has an extensive ecosystem of modules and packages. As you navigate this ecosystem, it's important to understand the role of virtual environments. In this article, we will delve into what virtual environments are, why developers need them, and some common tools for creating Python virtual environments.

What are virtual environments?

A virtual environment is a self-contained directory tree that contains a Python installation for a particular version of Python, plus a number of additional packages. Virtual environments help separate the dependencies used by different projects by creating isolated spaces for them. This means that each of your projects can have its own dependencies, regardless of what dependencies every other project has.

Let's take a look at an example of how to create a virtual environment using Python's built-in venv module:

$ python3 -m venv /path/to/new/virtual/environment

In the above command, /path/to/new/virtual/environment can be replaced with the destination of your choice. This command creates a directory if it doesn't already exist and sets up a new virtual environment at the specified location.

Why developers need virtual environments

When working on multiple Python projects, each project may require different versions of Python and Python packages. Installing everything globally could lead to version conflicts and other issues. This is where virtual environments come in.

Virtual environments allow developers to work on multiple Python projects without worrying about interdependencies. They provide an isolated space where you can install Python and other packages, ensuring that each of your projects has its own set of dependencies that do not interfere with each other.

Additionally, virtual environments help ensure that your projects are reproducible. This is extremely important when you're working on a team and need to share your code with others.

Different tools for creating Python virtual environments

There are several tools available for creating Python virtual environments. Here are a few examples:

venv: This is a standard Python library in Python 3.3 and later. It creates a virtual environment and manages it.
In the above command, /path/to/new/virtual/environment can be replaced with the destination of your choice. This command creates a directory if it doesn't already exist and sets up a new virtual environment at the specified location.

$ python3 -m venv myenv

virtualenv: This is a very popular tool that creates isolated Python environments. It's older than venv and has more features.

$ pip install virtualenv
$ virtualenv myenv

pipenv: This is a tool that aims to bring the best of all packaging worlds to the Python world. It harnesses Pipfile, pip, and virtualenv into one single command.

$ pip install pipenv
$ pipenv --three

So, in essence, virtual environments are an essential part of Python development. Whether you are a seasoned Python developer or just starting, understanding and using virtual environments will significantly enhance your development process.

Using venv to create Python virtual environments

Next, we will explore how to use venv, a built-in Python module, to create virtual environments. Leveraging virtual environments in Python is a best practice for isolating project-specific dependencies and maintaining clean development ecosystems. This makes venv an essential tool for developers and DevOps specialists dealing with Python applications.

How to create a virtual environment using venv

Creating a virtual environment using venv is straightforward. In your terminal, navigate to your project directory and run the following command:

python3 -m venv myenv

This command will create a new directory named myenv in your current directory. This new directory houses the virtual environment and contains the Python interpreter, the standard library, and various supporting files.

How to activate and use the virtual environment

Once you've created your virtual environment, you'll need to activate it. Activating the environment adjusts your PATH so that the python command runs the version from your virtual environment — rather than the global Python interpreter.

You can activate the virtual environment using the following command:

source myenv/bin/activate

Upon activation, your terminal prompt will change to indicate the active environment. Your terminal should look something like this:

(myenv) $

You can now install packages in this environment without affecting your global Python setup.

Installing Python 3 in the virtual environment

Given that the venv module comes with Python 3.3 and later, Python 3 is automatically installed in the virtual environment when you create it. However, you can specify a different Python version when creating the environment. For example, to create an environment with Python 3.7, you would use the following command:

python3.7 -m venv myenv

Verifying the installation

To confirm that Python 3 is installed in your virtual environment, you can use the following command:

python --version

This command should return the Python version that is installed in your environment.

Remember, using venv to create and manage virtual environments is an essential skill in Python development. It's an effective way to manage project dependencies and ensure the consistency and reliability of your projects.

Bonus: Setting up a local Python development environment in a Docker container

Using Docker containers is a good way to create reproducible artifacts and avoid versioning issues with your native operating system. Let’s cover how to set up a local Python development environment using Docker. We'll explain what Docker is, why it's beneficial for Python development, how to create a Dockerfile, how to build and run a Python application in a Docker container, and finally, how to secure your Python Docker applications with Snyk.

What is Docker?

Docker is an open source platform that automates the deployment, scaling, and management of applications. It encapsulates software into standardized units known as containers that have everything the software needs to run — including libraries, system tools, code, and runtime. Using Docker, you can ensure consistent environments from development to production.

Why use Docker for Python development?

There are several reasons why Docker is beneficial for Python development:

  • Consistency: Docker containers ensure that your application runs exactly the same way, no matter where it's deployed.

  • Isolation: Docker provides isolation, meaning that dependencies of different projects are kept separate. This makes it easy to manage dependencies and avoid conflicts between projects.

  • Reproducibility: Docker containers are reproducible, meaning you can easily share the same environment with others.

Creating a Dockerfile for a Python application

A Dockerfile is a script that contains collections of commands and instructions to create a Docker image. Here's a basic example of a Dockerfile for a Python application:

FROM python:3.8

WORKDIR /app

COPY requirements.txt .

RUN pip install -r requirements.txt

COPY . .

CMD ["python", "./your-python-script.py"]

In this Dockerfile, we start with a Python 3.8 image. We then copy the requirements.txt file into the Docker image and install the Python dependencies. After that, we copy the rest of the code into the Docker image and specify the command to run the application.

Building and running a Python application in a Docker container

After creating a Dockerfile, you can build your Docker image using the docker build command:

docker build -t your-python-app .

This command builds a Docker image from your Dockerfile and tags it with the name your-python-app.

To run the application in a Docker container, you can use the docker run command:

docker run -p 8000:8000 your-python-app

This command runs your application inside a Docker container and maps the container's port 8000 to your machine's port 8000.

How to keep your Python Docker applications secure with Snyk

Snyk is a tool that helps to find and fix security vulnerabilities in your Docker images. It integrates with your CI/CD pipeline to ensure that your Docker images are secure before they get deployed.

To use Snyk, you first need to install it:

npm install -g snyk

Then, you can test your Docker image for vulnerabilities:

snyk test --docker your-python-app:latest --file=Dockerfile

This command scans your Docker image and Dockerfile for vulnerabilities. If any vulnerabilities are found, Snyk provides detailed information about them and gives recommendations on how to fix them.

I highly recommend our in-depth article on best practices for containerizing Python applications with Docker, using the Snyk Advisor to find healthy, secure, and well-maintained Python packages on PyPI, and using Snyk to secure your Python applications.

What’s next?

Finally, I want to provide you with a wealth of resources for further reading and exploration of Python and its virtual environment setup.

Pyenv documentation

Pyenv is a simple, powerful, and cross-platform tool for managing multiple Python versions. The Pyenv documentation provides a guide on how to install, use, and manage Python versions with Pyenv.

Link: Pyenv documentation

Venv documentation

Venv is a tool that comes with Python 3.3 and above for creating isolated Python environments. The Venv documentation provides a guide on how to create, use, and manage Python virtual environments.

Link: Venv documentation

Docker documentation

Docker is a platform that enables developers to build, share, and run applications in containers. The Docker documentation provides a guide on how to install, use, and manage Docker containers.

Link: Docker documentation

Other useful resources

Below are links to other useful resources that provide more detailed and practical guides on Python installation and managing Python virtual environments.

Whether you are a developer or DevOps practitioner, these resources will assist you in your software development journey.

blog-feature-snyk-container-custom-base-image-recommendations

Vous voulez l’essayer par vous-même ?

Find out what 500+ organizations shared on supply chain security's current and future state, giving organizations a way forward as the software supply chain industry grows.