Möchten Sie mit Ihrem Team teilnehmen? Profitieren Sie von unseren Gruppenrabatten! Schreiben Sie an events@dpunkt.de

Protecting Your Organisation against Attacks via the Build System

Everyday, as developers, we build dozens of times. Sometimes without noticing (in the IDE), sometimes explicitly from the CLI (gradle test, mvn clean test), sometimes from CI. However, barely anyone recognizes the security risks of building software. Those attacks are not theoretical anymore.

This talk will highlight potential attack vectors and explain how we can mitigate them. The build tool is by definition insecure because it's a free execution environment. However, there are ways we can reduce the risks, or even significantly reduce them.

 

Speaker

 

Cédric  Champeau
Cédric Champeau is Principal Software Engineer at Gradle, Inc, working on the open-source Gradle build tool. He contributed performance improvements and is currently mainly focused on dependency management with Gradle. Previously Cédric worked on the Apache Groovy project, where he implemented the static compiler and worked on many compile time meta-programming features (AST xforms, traits, ...).

Sponsoren

Platin
New Relic
QAware
Microsoft Azure
Gold
Elastic
Palo Alto Networks
SNYK

Newsletter CLC/CC

Sie möchten über die Continuous Lifecyle/ContainerConf
auf dem Laufenden gehalten werden?

 

Anmelden