Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Software supply chain security in the Rust ecos...
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Alexis Mousset
December 04, 2024
Technology
31
0
Share
Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Alexis Mousset
December 04, 2024
More Decks by Alexis Mousset
See All by Alexis Mousset
Supply Chain Security in the Rust Ecosystem
amousset
0
78
Designing the future of agent-server communication in RUDDER
amousset
0
65
Other Decks in Technology
See All in Technology
Terraformモジュールは、なぜ「魔境」化するのか
hayama17
1
180
関西に縁あるMicrosoft MVPsが語るCopilotの未来
kasada
0
1k
Claude Codeを組織で使いこなす— サーバサイドAIエージェント運用の実践知
techtekt
PRO
0
200
Oracle Cloud Infrastructure IaaS 新機能アップデート 2026/3 - 2026/5
oracle4engineer
PRO
1
170
AI Engineering Summit Tokyo 2026 AIの前に、やることがある 〜医療データ企業の4フェーズ〜
dtaniwaki
0
1.6k
Platform engineering for developers, architects & the rest of us (AI agents)
danielbryantuk
0
180
Oracle AI Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
6
1.9k
Javaコミュニティをもっと楽しむための9箇条
takasyou
0
1.2k
個人最適 から 全体最適 へ AI情報共有会・AIギルド・AI-DLC で進める カンリーの組織展開
rfdnxbro
0
1.2k
オンコールの負荷軽減のためのBits Assistant 活用方法 / How to Use Bits Assistant to Reduce the Workload on On-Call Staff
sms_tech
1
380
探して_入れて_作って_使う_Agent_Skills___LT.pdf
peintangos
2
160
AIガバナンス実践 - 生成AIコネクタのデータ漏洩リスクと実務対策
knishioka
0
170
Featured
See All Featured
Joys of Absence: A Defence of Solitary Play
codingconduct
1
380
How to Ace a Technical Interview
jacobian
281
24k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
Building Flexible Design Systems
yeseniaperezcruz
330
40k
ラッコキーワード サービス紹介資料
rakko
1
3.5M
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
3
720
Exploring anti-patterns in Rails
aemeredith
3
390
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
VelocityConf: Rendering Performance Case Studies
addyosmani
333
25k
Transcript
Software supply chain security in the Rust ecosystem Paris Rust
Meetup #73 December 4th, 2024 amousset
SOFTWARE SUPPLY CHAIN A software supply chain is the components,
libraries, tools, and processes used to develop, build, and publish a software artifact. Wikipedia (I would add the people too)
slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/
RUST awesome cargo tooling + language composability > a lot
of dependencies compiled language, static dependencies > traceability & maintenance issues
WHAT DOES YOUR BINARY INCLUDE? all dependencies all artifacts in
crates (binaries, data, etc.) C libraries built automatically in crates
TOOLING FOR DEPENDENCIES # list people who have # write
access to your artefacts cargo supply-chain # audit and share crate audits cargo vet # look for known vulnerabilities cargo audit cargo deny
TOOLING FOR BUILD # respect Cargo.lock cargo build --locked #
include dependencies in binary cargo auditable build # build a SBOM cargo cyclonedx
WHO WORKS ON IT? Linux Foundation Rust Foundation Google /
Microsoft (GitHub) Specialized companies Rust Secure Code WG / RustSec
FUTURE? Technical improvements Better integration Attestation, etc. Community & FOSS?
THANKS! Alexis Mousset / amousset Rust Secure Code WG /
RustSec lettre email library rudder.io > open-source infra security & automation > open 6 months Rust internship 🦀
amousset
hayama17
kasada
techtekt
oracle4engineer
dtaniwaki
danielbryantuk
takasyou
rfdnxbro
sms_tech
peintangos
knishioka
codingconduct
jacobian
chriscoyier
aarron
yeseniaperezcruz
rakko
.jpg){kind=avatar}
cargoodrich
aemeredith
jnunemaker
tanoku
marcelosomers
addyosmani
