Broken links - Behind the scenes of Supply Chain breaches


So-called “Supply Chain” attacks are all over the news, as several high-profile breaches have highlighted CI/CD pipelines as a prime target. While AppSec focuses on writing secure code (SAST), managing the risk of open-source dependencies (SCA) and, more generally, finding vulnerabilities in apps and APIs, a large attack surface is often overlooked: the supply chain itself, which links the developer’s laptop, via the SCM, through CI/CD, to the application running in production. Every one of those links can be tampered with, and a compromise of any of them ends up in the shipped artifact.

We’ve all heard about the SolarWinds breach, but what can be done to prevent such an attack? In this talk, we go behind the scenes of similar attacks through the lens of SLSA (Supply-chain Levels for Software Artifacts), a framework built around an explicit threat model of the build and delivery pipeline, designed to address these emerging threats.

Most importantly, we will discuss the technologies and approaches available today (or under active development) that address these threats, and how they map onto the SLSA threat model.


François Proulx