Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Software supply chain security in the Rust ecos...
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Alexis Mousset
December 04, 2024
Technology
0
22
Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Alexis Mousset
December 04, 2024
Tweet
Share
More Decks by Alexis Mousset
See All by Alexis Mousset
Supply Chain Security in the Rust Ecosystem
amousset
0
57
Designing the future of agent-server communication in RUDDER
amousset
0
58
Other Decks in Technology
See All in Technology
小さく始めるBCP ― 多プロダクト環境で始める最初の一歩
kekke_n
1
420
AIエージェントを開発しよう!-AgentCore活用の勘所-
yukiogawa
0
170
予期せぬコストの急増を障害のように扱う――「コスト版ポストモーテム」の導入とその後の改善
muziyoshiz
1
1.9k
Kiro IDEのドキュメントを全部読んだので地味だけどちょっと嬉しい機能を紹介する
khmoryz
0
200
Bill One急成長の舞台裏 開発組織が直面した失敗と教訓
sansantech
PRO
2
380
Data Hubグループ 紹介資料
sansan33
PRO
0
2.7k
ブロックテーマ、WordPress でウェブサイトをつくるということ / 2026.02.07 Gifu WordPress Meetup
torounit
0
190
CDK対応したAWS DevOps Agentを試そう_20260201
masakiokuda
1
300
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
3k
セキュリティについて学ぶ会 / 2026 01 25 Takamatsu WordPress Meetup
rocketmartue
1
300
Bedrock PolicyでAmazon Bedrock Guardrails利用を強制してみた
yuu551
0
240
AI駆動開発を事業のコアに置く
tasukuonizawa
1
200
Featured
See All Featured
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
baasie
0
230
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
54k
Joys of Absence: A Defence of Solitary Play
codingconduct
1
290
Optimizing for Happiness
mojombo
379
71k
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
How to train your dragon (web standard)
notwaldorf
97
6.5k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
450
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
55k
Designing Experiences People Love
moore
144
24k
The SEO Collaboration Effect
kristinabergwall1
0
350
Testing 201, or: Great Expectations
jmmastey
46
8k
Code Reviewing Like a Champion
maltzj
527
40k
Transcript
Software supply chain security in the Rust ecosystem Paris Rust
Meetup #73 December 4th, 2024 amousset
SOFTWARE SUPPLY CHAIN A software supply chain is the components,
libraries, tools, and processes used to develop, build, and publish a software artifact. Wikipedia (I would add the people too)
slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/
RUST awesome cargo tooling + language composability > a lot
of dependencies compiled language, static dependencies > traceability & maintenance issues
WHAT DOES YOUR BINARY INCLUDE? all dependencies all artifacts in
crates (binaries, data, etc.) C libraries built automatically in crates
TOOLING FOR DEPENDENCIES # list people who have # write
access to your artefacts cargo supply-chain # audit and share crate audits cargo vet # look for known vulnerabilities cargo audit cargo deny
TOOLING FOR BUILD # respect Cargo.lock cargo build --locked #
include dependencies in binary cargo auditable build # build a SBOM cargo cyclonedx
WHO WORKS ON IT? Linux Foundation Rust Foundation Google /
Microsoft (GitHub) Specialized companies Rust Secure Code WG / RustSec
FUTURE? Technical improvements Better integration Attestation, etc. Community & FOSS?
THANKS! Alexis Mousset / amousset Rust Secure Code WG /
RustSec lettre email library rudder.io > open-source infra security & automation > open 6 months Rust internship 🦀
amousset
kekke_n
yukiogawa
muziyoshiz
khmoryz
sansantech
sansan33
torounit
masakiokuda
rocketmartue
yuu551
tasukuonizawa
baasie
destraynor
codingconduct
mojombo
aarron
notwaldorf
tammyeverts
aki_iinuma
moore
kristinabergwall1
jmmastey
maltzj
