Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Software supply chain security in the Rust ecos...
Search
Alexis Mousset
December 04, 2024
Technology
0
22
Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Alexis Mousset
December 04, 2024
Tweet
Share
More Decks by Alexis Mousset
See All by Alexis Mousset
Supply Chain Security in the Rust Ecosystem
amousset
0
57
Designing the future of agent-server communication in RUDDER
amousset
0
58
Other Decks in Technology
See All in Technology
顧客との商談議事録をみんなで読んで顧客解像度を上げよう
shibayu36
0
240
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
aeonpeople
1
230
外部キー制約の知っておいて欲しいこと - RDBMSを正しく使うために必要なこと / FOREIGN KEY Night
soudai
PRO
12
5.5k
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
6
68k
制約が導く迷わない設計 〜 信頼性と運用性を両立するマイナンバー管理システムの実践 〜
bwkw
3
940
プロポーザルに込める段取り八分
shoheimitani
1
270
OWASP Top 10:2025 リリースと 少しの日本語化にまつわる裏話
okdt
PRO
3
770
FinTech SREのAWSサービス活用/Leveraging AWS Services in FinTech SRE
maaaato
0
130
OCI Database Management サービス詳細
oracle4engineer
PRO
1
7.4k
Oracle Cloud Observability and Management Platform - OCI 運用監視サービス概要 -
oracle4engineer
PRO
2
14k
20260208_第66回 コンピュータビジョン勉強会
keiichiito1978
0
140
AIと新時代を切り拓く。これからのSREとメルカリIBISの挑戦
0gm
0
1.1k
Featured
See All Featured
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
Skip the Path - Find Your Career Trail
mkilby
0
56
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
430
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
55
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
110
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.2k
What's in a price? How to price your products and services
michaelherold
247
13k
Six Lessons from altMBA
skipperchong
29
4.1k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.2k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
190
Leading Effective Engineering Teams in the AI Era
addyosmani
9
1.6k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
117
110k
Transcript
Software supply chain security in the Rust ecosystem Paris Rust
Meetup #73 December 4th, 2024 amousset
SOFTWARE SUPPLY CHAIN A software supply chain is the components,
libraries, tools, and processes used to develop, build, and publish a software artifact. Wikipedia (I would add the people too)
slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/
RUST awesome cargo tooling + language composability > a lot
of dependencies compiled language, static dependencies > traceability & maintenance issues
WHAT DOES YOUR BINARY INCLUDE? all dependencies all artifacts in
crates (binaries, data, etc.) C libraries built automatically in crates
TOOLING FOR DEPENDENCIES # list people who have # write
access to your artefacts cargo supply-chain # audit and share crate audits cargo vet # look for known vulnerabilities cargo audit cargo deny
TOOLING FOR BUILD # respect Cargo.lock cargo build --locked #
include dependencies in binary cargo auditable build # build a SBOM cargo cyclonedx
WHO WORKS ON IT? Linux Foundation Rust Foundation Google /
Microsoft (GitHub) Specialized companies Rust Secure Code WG / RustSec
FUTURE? Technical improvements Better integration Attestation, etc. Community & FOSS?
THANKS! Alexis Mousset / amousset Rust Secure Code WG /
RustSec lettre email library rudder.io > open-source infra security & automation > open 6 months Rust internship 🦀
amousset
shibayu36
aeonpeople
soudai
sansan33
bwkw
shoheimitani
okdt
maaaato
oracle4engineer
keiichiito1978
0gm
keithpitt
mkilby
inesmontani
marketingsoph
pwiseman
kastner
michaelherold
skipperchong
tammyeverts
addyosmani
twada
