Alexis Mousset
December 04, 2024
Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Transcript
Software supply chain security in the Rust ecosystem
Paris Rust Meetup #73, December 4th, 2024
amousset
SOFTWARE SUPPLY CHAIN
A software supply chain is the components, libraries, tools, and processes used to develop, build, and publish a software artifact. (Wikipedia; I would add the people too)
slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/
RUST
Awesome cargo tooling + language composability > a lot of dependencies
Compiled language, static dependencies > traceability & maintenance issues
WHAT DOES YOUR BINARY INCLUDE?
All dependencies
All artifacts in crates (binaries, data, etc.)
C libraries built automatically in crates
TOOLING FOR DEPENDENCIES
# list people who have write access to your artefacts
cargo supply-chain
# audit and share crate audits
cargo vet
# look for known vulnerabilities
cargo audit
cargo deny
TOOLING FOR BUILD
# respect Cargo.lock
cargo build --locked
# include dependencies in binary
cargo auditable build
# build a SBOM
cargo cyclonedx
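The two tooling slides above list the commands without showing what they work from. As an added example that is not from the talk and is neither cargo's nor cargo-deny's own code, here is a small standard-library Rust program that reads the `[[package]]` entries of a Cargo.lock (the file `cargo build --locked` refuses to deviate from) and flags the things a lockfile policy usually cares about: registry packages without a checksum, packages pulled from git or other non-registry sources, and crates present in more than one version. The sample lockfile, the crate names (demo-json, demo-buf, demo-utils), the git URL and the checksums are constructed placeholders.

```rust
// Added example (not from the slides): a toy Cargo.lock checker showing what
// `cargo build --locked` and cargo-deny rely on. Standard library only.
use std::collections::HashMap;

/// One `[[package]]` entry of a Cargo.lock.
#[derive(Debug, Clone, PartialEq)]
pub struct LockedPackage {
    pub name: String,
    pub version: String,
    /// `registry+...`, `git+...`, or None for workspace members.
    pub source: Option<String>,
    /// Hash of the registry .crate file; absent for git/path sources.
    pub checksum: Option<String>,
}

/// Minimal reader for the `[[package]]` tables of a v3 Cargo.lock. It reads
/// the scalar keys the lockfile uses and skips `dependencies = [...]`;
/// it is not a general TOML parser.
pub fn parse_cargo_lock(text: &str) -> Vec<LockedPackage> {
    let mut packages = Vec::new();
    let mut current: Option<LockedPackage> = None;
    let mut in_array = false;
    for raw in text.lines() {
        let line = raw.trim();
        if in_array {
            in_array = !line.starts_with(']'); // skip until the closing bracket
            continue;
        }
        if line.is_empty() || line.starts_with('#') { continue; }
        if line == "[[package]]" {
            packages.extend(current.take());
            current = Some(LockedPackage { name: String::new(), version: String::new(), source: None, checksum: None });
            continue;
        }
        if line.starts_with('[') {
            packages.extend(current.take()); // another table, e.g. [metadata]
            continue;
        }
        let (key, value) = match line.split_once('=') {
            Some((k, v)) => (k.trim(), v.trim()),
            None => continue,
        };
        if value.starts_with('[') {
            in_array = !value.ends_with(']'); // multi-line array unless closed here
            continue;
        }
        let value = value.trim_matches('"').to_string();
        if let Some(p) = current.as_mut() {
            match key {
                "name" => p.name = value,
                "version" => p.version = value,
                "source" => p.source = Some(value),
                "checksum" => p.checksum = Some(value),
                _ => {}
            }
        }
    }
    packages.extend(current.take());
    packages
}

/// Traceability findings, in the spirit of cargo-deny's `sources` and
/// `multiple-versions` checks (toy re-implementation, not cargo-deny's code).
pub fn check_lockfile(packages: &[LockedPackage]) -> Vec<String> {
    let mut findings = Vec::new();
    let mut versions: HashMap<&str, Vec<&str>> = HashMap::new();
    for p in packages {
        match p.source.as_deref() {
            None => {} // workspace member: built from the tree itself
            Some(s) if s.starts_with("registry+") => {
                if p.checksum.is_none() {
                    findings.push(format!("missing checksum: {} {}", p.name, p.version));
                }
            }
            Some(s) => findings.push(format!("non-registry source: {} {} ({})", p.name, p.version, s)),
        }
        versions.entry(p.name.as_str()).or_default().push(p.version.as_str());
    }
    let mut dups: Vec<String> = versions
        .iter()
        .filter(|(_, v)| v.len() > 1)
        .map(|(n, v)| format!("multiple versions: {} {}", n, v.join(", ")))
        .collect();
    dups.sort();
    findings.extend(dups);
    findings
}

/// Constructed sample lockfile: crate names, git URL and checksums are placeholders.
pub const SAMPLE_LOCK: &str = r##"
version = 3
[[package]]
name = "demo-app"
version = "0.1.0"
dependencies = [
 "demo-json",
 "demo-buf",
 "demo-utils",
]
[[package]]
name = "demo-json"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
[[package]]
name = "demo-buf"
version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "demo-buf"
version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
[[package]]
name = "demo-utils"
version = "0.3.0"
source = "git+https://example.invalid/org/demo-utils#deadbeef"
"##;
```

Running `check_lockfile(&parse_cargo_lock(SAMPLE_LOCK))` yields three findings: demo-buf 1.8.0 has no checksum, demo-utils comes from a git source, and demo-buf is locked at two versions. The first two are exactly what makes a lockfile reproducible and auditable (pinned version plus registry hash), which is why `cargo build --locked` and `cargo auditable build` are only as good as the Cargo.lock they consume.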
WHO WORKS ON IT?
Linux Foundation
Rust Foundation
Google / Microsoft (GitHub)
Specialized companies
Rust Secure Code WG / RustSec

FUTURE?
Technical improvements
Better integration
Attestation, etc.
Community & FOSS?

THANKS!
Alexis Mousset / amousset
Rust Secure Code WG / RustSec
lettre email library
rudder.io > open-source infra security & automation > open 6 months Rust internship 🦀