Alexis Mousset
December 04, 2024
Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Alexis Mousset
Transcript
Software supply chain security in the Rust ecosystem
Paris Rust Meetup #73
December 4th, 2024
amousset
SOFTWARE SUPPLY CHAIN

"A software supply chain is the components, libraries, tools, and processes used to develop, build, and publish a software artifact." (Wikipedia)
(I would add the people too)

slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/
RUST

awesome cargo tooling + language composability > a lot of dependencies
compiled language, static dependencies > traceability & maintenance issues
WHAT DOES YOUR BINARY INCLUDE?

all dependencies
all artifacts in crates (binaries, data, etc.)
C libraries built automatically in crates
TOOLING FOR DEPENDENCIES

    # list people who have write access to your artefacts
    cargo supply-chain
    # audit and share crate audits
    cargo vet
    # look for known vulnerabilities
    cargo audit
    cargo deny
TOOLING FOR BUILD

    # respect Cargo.lock
    cargo build --locked
    # include dependencies in binary
    cargo auditable build
    # build a SBOM
    cargo cyclonedx
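As an added example that is not part of the talk: a small Python checker that reads a Cargo.lock (the file `cargo build --locked` pins the build to) and reports what the "what does your binary include?" slide points at, namely crates not fetched from crates.io and crates linked at several versions. The sample lockfile, its placeholder checksums and the `example.invalid` git URL are constructed for this example.

```python
import re
from collections import defaultdict
CRATES_IO = "registry+https://github.com/rust-lang/crates.io-index"
# Constructed sample Cargo.lock (not from any real project); checksums are placeholders.
SAMPLE_LOCK = """\
version = 3
[[package]]
name = "app"
version = "0.1.0"
[[package]]
name = "serde"
version = "1.0.210"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "PLACEHOLDER_SHA256_A"
[[package]]
name = "serde"
version = "1.0.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "PLACEHOLDER_SHA256_B"
[[package]]
name = "openssl-sys"
version = "0.9.0"
source = "git+https://example.invalid/fork/openssl-sys#abc123"
"""

def parse_lock(text):
    """One {name, version, source?, checksum?} dict per [[package]] table (flat keys only)."""
    pkgs = []
    for block in text.split("[[package]]")[1:]:
        pkg = {}
        for key in ("name", "version", "source", "checksum"):
            m = re.search(rf'^{key} = "([^"]*)"', block, re.M)
            if m:
                pkg[key] = m.group(1)
        pkgs.append(pkg)
    return pkgs

def review_lock(text):
    """Findings a reviewer wants before `cargo build --locked`: crates not fetched from
    crates.io (git forks, other registries) and crates linked at several versions."""
    findings, versions = [], defaultdict(set)
    for p in parse_lock(text):
        versions[p["name"]].add(p["version"])
        src = p.get("source")  # absent for workspace members / path dependencies
        if src is not None and src != CRATES_IO:
            findings.append(f"{p['name']} {p['version']}: non-crates.io source {src}")
    for name, vs in versions.items():
        if len(vs) > 1:
            findings.append(f"{name}: {len(vs)} versions linked ({', '.join(sorted(vs))})")
    return findings
```

Run `review_lock(open("Cargo.lock").read())` against a real lockfile; every finding is a dependency that deserves a look (or a `cargo vet` / `cargo deny` policy) before the binary ships.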
WHO WORKS ON IT?

Linux Foundation
Rust Foundation
Google / Microsoft (GitHub)
Specialized companies
Rust Secure Code WG / RustSec
FUTURE?

Technical improvements
Better integration
Attestation, etc.
Community & FOSS?
THANKS!

Alexis Mousset / amousset
Rust Secure Code WG / RustSec
lettre email library
rudder.io > open-source infra security & automation > open 6 months Rust internship 🦀