Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Software supply chain security in the Rust ecos...
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Alexis Mousset
December 04, 2024
Technology
28
0
Share
Software supply chain security in the Rust ecosystem
Paris Rust meetup
December 4th, 2024
Alexis Mousset
December 04, 2024
More Decks by Alexis Mousset
See All by Alexis Mousset
Supply Chain Security in the Rust Ecosystem
amousset
0
72
Designing the future of agent-server communication in RUDDER
amousset
0
61
Other Decks in Technology
See All in Technology
はじめての MagicPod生成AI機能 機能紹介から活用方法まで
magicpod
0
110
20年前の「OSS革命」に学ぶ AI時代の生存戦略
samakada
0
460
[OAWTT26][THR1028] Oracle AI Database 26ai へのアップグレード:ベストプラクティスと最新情報
oracle4engineer
PRO
1
110
Microsoft 365 / Microsoft 365 Copilot : 自分の状態を確認する「ラベル」について
taichinakamura
0
330
Percolatorを廃止し、マルチ検索サービスへ刷新した話 / Search Engineering Tech Talk 2026 Spring
visional_engineering_and_design
0
100
AWS Agent Registry の基礎・概要を理解する/aws-agent-registry-intro
ren8k
3
390
CloudTrail を見つめ直してみる
kazzpapa3
1
100
生成AIが変える SaaS の競争原理と弁護士ドットコムのプロダクト戦略
bengo4com
1
1.5k
Do Vibe Coding ao LLM em Produção para Busca Agêntica - TDC 2026 - Summit IA - São Paulo
jpbonson
3
140
Route 53 Global Resolver で高額課金発生!
otanikohei2023
0
110
AIコーディング時代における、ソフトウェアサプライチェーン攻撃に対する防衛術(簡易版)
soysoysoyb
0
110
これからの「データマネジメント」の話をしよう
sansantech
PRO
0
140
Featured
See All Featured
First, design no harm
axbom
PRO
2
1.2k
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
720
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.5k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
Heart Work Chapter 1 - Part 1
lfama
PRO
6
35k
Building Applications with DynamoDB
mza
96
7k
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
130
Marketing to machines
jonoalderson
1
5.2k
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
1
510
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
230
Become a Pro
speakerdeck
PRO
31
5.9k
Rebuilding a faster, lazier Slack
samanthasiow
85
9.5k
Transcript
Software supply chain security in the Rust ecosystem Paris Rust
Meetup #73 December 4th, 2024 amousset
SOFTWARE SUPPLY CHAIN A software supply chain is the components,
libraries, tools, and processes used to develop, build, and publish a software artifact. Wikipedia (I would add the people too)
slsa.dev (Supply-chain Levels for Software Artifacts)
xkcd.com/2347/
RUST awesome cargo tooling + language composability > a lot
of dependencies compiled language, static dependencies > traceability & maintenance issues
WHAT DOES YOUR BINARY INCLUDE? all dependencies all artifacts in
crates (binaries, data, etc.) C libraries built automatically in crates
TOOLING FOR DEPENDENCIES # list people who have # write
access to your artefacts cargo supply-chain # audit and share crate audits cargo vet # look for known vulnerabilities cargo audit cargo deny
TOOLING FOR BUILD # respect Cargo.lock cargo build --locked #
include dependencies in binary cargo auditable build # build a SBOM cargo cyclonedx
WHO WORKS ON IT? Linux Foundation Rust Foundation Google /
Microsoft (GitHub) Specialized companies Rust Secure Code WG / RustSec
FUTURE? Technical improvements Better integration Attestation, etc. Community & FOSS?
THANKS! Alexis Mousset / amousset Rust Secure Code WG /
RustSec lettre email library rudder.io > open-source infra security & automation > open 6 months Rust internship 🦀
amousset
magicpod
samakada
oracle4engineer
taichinakamura
visional_engineering_and_design
ren8k
kazzpapa3
bengo4com
jpbonson
otanikohei2023
soysoysoyb
sansantech
axbom
nmsamuel
signer
sstephenson
lfama
mza
tmiket
jonoalderson
katarinadahlin
techseoconnect
speakerdeck
samanthasiow
