Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Alexis Mousset
Transcript
SOFTWARE SUPPLY CHAIN SECURITY IN THE RUST ECOSYSTEM
Paris Rust Meetup #73, December 4th, 2024, amousset

SOFTWARE SUPPLY CHAIN
A software supply chain is the components, libraries, tools, and processes used to develop, build, and publish a software artifact. (Wikipedia; I would add the people too)
slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/

RUST
awesome cargo tooling + language composability > a lot of dependencies
compiled language, static dependencies > traceability & maintenance issues

WHAT DOES YOUR BINARY INCLUDE?
all dependencies
all artifacts in crates (binaries, data, etc.)
C libraries built automatically in crates

TOOLING FOR DEPENDENCIES
# list people who have write access to your artefacts
cargo supply-chain
# audit and share crate audits
cargo vet
# look for known vulnerabilities
cargo audit
cargo deny

TOOLING FOR BUILD
# respect Cargo.lock
cargo build --locked
# include dependencies in binary
cargo auditable build
# build a SBOM
cargo cyclonedx
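The two tooling slides above rely on the same thing: Cargo.lock pins every dependency to an exact version (which `cargo build --locked` refuses to deviate from), and a vulnerability check such as `cargo audit` is essentially a match of those pinned name/version pairs against an advisory database. The following is an added example, not code from the talk or from the cargo-audit project: a miniature version of that check in plain Rust (standard library only) that parses the `[[package]]` tables of a constructed Cargo.lock and compares them with a constructed advisory list. The `DEMO-…` advisory ids, the crate names and the lockfile contents are all made up for the demo; real advisories come from the RustSec database, and real lockfiles should be read with a proper TOML parser.

```rust
// Added example (not part of the original talk): a tiny "cargo audit"-style
// check over a Cargo.lock, to show what the tooling on the slides is doing.

/// One pinned package from Cargo.lock.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Package {
    pub name: String,
    pub version: String,
}

/// Constructed advisory: `crate_name` is affected at versions `< fixed_in`.
/// Real RustSec advisories carry richer version ranges; this keeps one bound.
#[derive(Debug, Clone)]
pub struct Advisory {
    pub id: &'static str,
    pub crate_name: &'static str,
    pub fixed_in: &'static str,
}

/// Constructed Cargo.lock for the demo (not a real project's lockfile).
pub const SAMPLE_LOCKFILE: &str = r#"
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "demo-app"
version = "0.1.0"
dependencies = [
 "example-parser",
 "example-tls",
]

[[package]]
name = "example-parser"
version = "1.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "example-tls"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

/// Constructed advisories with placeholder ids (not real RustSec entries).
pub const DEMO_ADVISORIES: [Advisory; 2] = [
    Advisory { id: "DEMO-0001", crate_name: "example-parser", fixed_in: "1.2.4" },
    Advisory { id: "DEMO-0002", crate_name: "example-tls", fixed_in: "0.8.0" },
];

/// Pull `name`/`version` out of every `[[package]]` table. A line-based
/// parser is enough for these two keys; the top-level `version = 3`
/// (lockfile format) is discarded because it has no `name` beside it.
pub fn parse_lockfile(text: &str) -> Vec<Package> {
    fn flush(name: &mut Option<String>, version: &mut Option<String>, out: &mut Vec<Package>) {
        if let (Some(n), Some(v)) = (name.take(), version.take()) {
            out.push(Package { name: n, version: v });
        }
    }
    let mut packages = Vec::new();
    let mut name = None;
    let mut version = None;
    for line in text.lines().map(str::trim) {
        if line == "[[package]]" {
            flush(&mut name, &mut version, &mut packages);
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            version = Some(v.trim_matches('"').to_string());
        }
    }
    flush(&mut name, &mut version, &mut packages);
    packages
}

/// Parse "major.minor.patch" (ignoring any pre-release/build suffix).
pub fn parse_semver(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Every (package, advisory) pair where the pinned version is below the fix.
pub fn find_vulnerable<'a>(packages: &[Package], advisories: &'a [Advisory]) -> Vec<(Package, &'a Advisory)> {
    let mut hits = Vec::new();
    for pkg in packages {
        let pinned = match parse_semver(&pkg.version) {
            Some(v) => v,
            None => continue, // unparsable version: skip rather than guess
        };
        for adv in advisories.iter().filter(|a| a.crate_name == pkg.name) {
            if let Some(fixed) = parse_semver(adv.fixed_in) {
                if pinned < fixed {
                    hits.push((pkg.clone(), adv));
                }
            }
        }
    }
    hits
}

fn main() {
    let packages = parse_lockfile(SAMPLE_LOCKFILE);
    println!("{} pinned packages in Cargo.lock", packages.len());
    let hits = find_vulnerable(&packages, &DEMO_ADVISORIES);
    for (pkg, adv) in &hits {
        println!("{}: {} {} is affected, fixed in {}", adv.id, pkg.name, pkg.version, adv.fixed_in);
    }
    if !hits.is_empty() {
        std::process::exit(1); // non-zero exit so a CI job fails, as `cargo audit` does
    }
}
```

Run as-is it reports `example-parser 1.2.3` against `DEMO-0001` and exits non-zero, while `example-tls 0.9.0` passes because it is already above the fixed version. The point for a pipeline is the pairing: `--locked` guarantees the audited lockfile is the one that was built, and `cargo auditable build` embeds that same list in the binary so the check can be repeated later against the shipped artifact.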
WHO WORKS ON IT?
Linux Foundation, Rust Foundation, Google / Microsoft (GitHub), specialized companies, Rust Secure Code WG / RustSec

FUTURE?
Technical improvements, better integration, attestation, etc.
Community & FOSS?

THANKS!
Alexis Mousset / amousset
Rust Secure Code WG / RustSec
lettre email library
rudder.io > open-source infra security & automation > open 6 months Rust internship 🦀