Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Alexis Mousset
Transcript
Software supply chain security in the Rust ecosystem
Paris Rust Meetup #73, December 4th, 2024
amousset

SOFTWARE SUPPLY CHAIN
A software supply chain is the components, libraries, tools, and processes used to develop, build, and publish a software artifact. (Wikipedia)
(I would add the people too)
slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/

RUST
awesome cargo tooling + language composability > a lot of dependencies
compiled language, static dependencies > traceability & maintenance issues

WHAT DOES YOUR BINARY INCLUDE?
all dependencies
all artifacts in crates (binaries, data, etc.)
C libraries built automatically in crates

TOOLING FOR DEPENDENCIES
# list people who have write access to your artefacts
cargo supply-chain
# audit and share crate audits
cargo vet
# look for known vulnerabilities
cargo audit
cargo deny

TOOLING FOR BUILD
# respect Cargo.lock
cargo build --locked
# include dependencies in binary
cargo auditable build
# build a SBOM
cargo cyclonedx
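The two tooling slides chained into one script a CI job can run, as an added example that is not from the talk; it assumes the external subcommands were installed with cargo install (cargo-audit, cargo-deny, cargo-auditable, cargo-cyclonedx, cargo-supply-chain) and that the project commits its Cargo.lock:

```shell
#!/bin/sh
# Added example, not from the talk. Chains the cargo subcommands shown on the
# two tooling slides into one check. Assumes the external subcommands were
# installed with: cargo install cargo-audit cargo-deny cargo-auditable cargo-cyclonedx cargo-supply-chain
set -eu

# 0 when the external cargo subcommand (e.g. "audit" for cargo-audit) is on PATH.
has_subcommand() {
  command -v "cargo-$1" >/dev/null 2>&1
}

# Print the required subcommands that are not installed, one per line.
missing_subcommands() {
  for sub in audit deny auditable cyclonedx supply-chain; do
    has_subcommand "$sub" || printf '%s\n' "$sub"
  done
  return 0
}

# Run every check in the project directory given as $1; stops at the first failure.
supply_chain_check() {
  cd "$1" || return 1
  if [ ! -f Cargo.lock ]; then
    echo "Cargo.lock missing: commit it, otherwise --locked has nothing to respect" >&2
    return 1
  fi
  cargo build --locked                        # refuse to update the lockfile silently
  cargo audit                                 # known vulnerabilities from the RustSec advisory DB
  cargo deny check                            # advisories, licenses, duplicate versions, sources
  cargo supply-chain publishers               # who can publish the crates you depend on
  cargo auditable build --release --locked    # embed the dependency list in the binary
  cargo cyclonedx --format json               # emit a CycloneDX SBOM next to Cargo.toml
}

# Usage: ./supply_chain_check.sh path/to/project
if [ -n "${1:-}" ]; then
  missing=$(missing_subcommands)
  if [ -n "$missing" ]; then
    printf 'install missing cargo subcommands: %s\n' "$(echo $missing)" >&2
    exit 1
  fi
  supply_chain_check "$1"
fi
```

Run it from CI after checkout; a missing Cargo.lock or any failing tool turns the job red before the binary is published.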
WHO WORKS ON IT?
Linux Foundation
Rust Foundation
Google / Microsoft (GitHub)
Specialized companies
Rust Secure Code WG / RustSec

FUTURE?
Technical improvements
Better integration
Attestation, etc.
Community & FOSS?

THANKS!
Alexis Mousset / amousset
Rust Secure Code WG / RustSec
lettre email library
rudder.io
> open-source infra security & automation
> open 6 months Rust internship 🦀