Alexis Mousset
December 04, 2024
Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Transcript
Software supply chain security in the Rust ecosystem
Paris Rust Meetup #73
December 4th, 2024
amousset

SOFTWARE SUPPLY CHAIN
A software supply chain is the components, libraries, tools, and processes used to develop, build, and publish a software artifact. (Wikipedia)
(I would add the people too)
slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/

RUST
awesome cargo tooling + language composability > a lot of dependencies
compiled language, static dependencies > traceability & maintenance issues

WHAT DOES YOUR BINARY INCLUDE?
all dependencies
all artifacts in crates (binaries, data, etc.)
C libraries built automatically in crates
TOOLING FOR DEPENDENCIES
# list people who have write access to your artefacts
cargo supply-chain
# audit and share crate audits
cargo vet
# look for known vulnerabilities
cargo audit
cargo deny
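The slide lists cargo deny without showing what it enforces. The following deny.toml is an added example, not from the talk or from the cargo-deny project: it is a constructed configuration that turns the concerns above (known vulnerabilities, an uncontrolled number of dependencies, traceability of where code comes from) into checks that fail the build. The section and key names follow cargo-deny's documented configuration; the allowed license list, the banned crate and the empty exception lists are assumptions chosen for illustration, not values from the page.

```toml
# deny.toml (constructed example, not a project's real configuration).
# Place it at the crate or workspace root and run `cargo deny check`.

[advisories]
# Known-vulnerability lookups use the RustSec advisory database,
# the same data `cargo audit` consults.
db-urls = ["https://github.com/rustsec/advisory-db"]
# Exceptions must be listed explicitly by advisory id; an empty list
# means every unpatched advisory fails the check.
ignore = []

[licenses]
# Only these SPDX identifiers are acceptable; any dependency whose
# license is missing or not in this list fails the check.
# (assumed license policy for this example)
allow = ["MIT", "Apache-2.0", "BSD-3-Clause"]
# Minimum confidence for license detection from a crate's LICENSE text.
confidence-threshold = 0.8

[bans]
# The weak setting here is "allow": several versions of one crate
# silently inflate the dependency tree the talk warns about.
# "warn" reports them; "deny" would fail the check instead.
multiple-versions = "warn"
# Wildcard version requirements ("*") defeat traceability of what
# actually gets built, so they are rejected outright.
wildcards = "deny"
# Crates this project refuses to pull in (constructed entry).
deny = [
  { name = "openssl" },
]

[sources]
# Every dependency must come from crates.io unless allow-listed below;
# unknown registries and ad-hoc git dependencies fail the check.
unknown-registry = "deny"
unknown-git = "deny"
allow-git = []
```

`cargo deny check` runs all four sections; `cargo deny check advisories` runs only the vulnerability lookup, which is the part that overlaps with `cargo audit`. Starting with `multiple-versions = "warn"` and moving to `"deny"` once the duplicates are cleaned up avoids blocking the build on pre-existing debt.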
TOOLING FOR BUILD
# respect Cargo.lock
cargo build --locked
# include dependencies in binary
cargo auditable build
# build a SBOM
cargo cyclonedx

WHO WORKS ON IT?
Linux Foundation
Rust Foundation
Google / Microsoft (GitHub)
Specialized companies
Rust Secure Code WG / RustSec

FUTURE?
Technical improvements
Better integration
Attestation, etc.
Community & FOSS?

THANKS!
Alexis Mousset / amousset
Rust Secure Code WG / RustSec
lettre email library
rudder.io > open-source infra security & automation > open 6 months Rust internship 🦀