Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Software supply chain security in the Rust ecos...
Search
Alexis Mousset
December 04, 2024
Technology
33
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Alexis Mousset
December 04, 2024
More Decks by Alexis Mousset
See All by Alexis Mousset
Supply Chain Security in the Rust Ecosystem
amousset
0
82
Designing the future of agent-server communication in RUDDER
amousset
0
67
Other Decks in Technology
See All in Technology
飲食店もAIで。レジ締めやハンディシステムをつくってる話 / Using AI for restaurant management
vtryo
0
190
いまさら聞けない「仕様駆動開発入門」 〜AI活用時代の開発プロセスを考える〜
findy_eventslides
2
210
コミュニティの有益性 ~JAWS Days 2026 での体験を通して~ / The Benefits of a Community ~Through My Experience at JAWS Days 2026~
seike460
PRO
0
270
AWS Security Agent といっしょに脅威モデリングをやってみよう
amarelo_n24
1
210
ロボティクスの技術 / Robotics Technology
ks91
PRO
0
130
週末にループ・エンジニアリングの理解を深めるためのスライド
nagatsu
0
350
WebGIS AI Agentの紹介
_shimizu
0
560
事業会社における 機械学習・推薦システム技術の活用事例と必要な能力 / ml-recsys-in-layerx-wantedly-2026
yuya4
0
160
Multi-Agent並列開発を 安全に回すための技術 / Technology for Safely Multi-Agent Parallel Development
tooppoo
0
190
2026 AI Memory Architecture
nagatsu
0
340
Agile and AI Redmine Japan 2026
hiranabe
4
490
4人目のSREはAgent
tanimuyk
0
190
Featured
See All Featured
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
950
SEO in 2025: How to Prepare for the Future of Search
ipullrank
3
3.5k
What does AI have to do with Human Rights?
axbom
PRO
1
2.2k
Believing is Seeing
oripsolob
1
150
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
240
Measuring Dark Social's Impact On Conversion and Attribution
stephenakadiri
2
220
How to audit for AI Accessibility on your Front & Back End
davetheseo
0
450
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
23k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
508
140k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
10k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
62
55k
A Modern Web Designer's Workflow
chriscoyier
698
190k
Transcript
Software supply chain security in the Rust ecosystem Paris Rust
Meetup #73 December 4th, 2024 amousset
SOFTWARE SUPPLY CHAIN A software supply chain is the components,
libraries, tools, and processes used to develop, build, and publish a software artifact. Wikipedia (I would add the people too)
slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/
RUST awesome cargo tooling + language composability > a lot
of dependencies compiled language, static dependencies > traceability & maintenance issues
WHAT DOES YOUR BINARY INCLUDE? all dependencies all artifacts in
crates (binaries, data, etc.) C libraries built automatically in crates
TOOLING FOR DEPENDENCIES # list people who have # write
access to your artefacts cargo supply-chain # audit and share crate audits cargo vet # look for known vulnerabilities cargo audit cargo deny
TOOLING FOR BUILD # respect Cargo.lock cargo build --locked #
include dependencies in binary cargo auditable build # build a SBOM cargo cyclonedx
WHO WORKS ON IT? Linux Foundation Rust Foundation Google /
Microsoft (GitHub) Specialized companies Rust Secure Code WG / RustSec
FUTURE? Technical improvements Better integration Attestation, etc. Community & FOSS?
THANKS! Alexis Mousset / amousset Rust Secure Code WG /
RustSec lettre email library rudder.io > open-source infra security & automation > open 6 months Rust internship 🦀