Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore essential strategies for safeguarding your organization against build system attacks in this 51-minute conference talk. Delve into the often-overlooked security risks associated with software building processes, including IDE, CLI, and CI environments. Discover potential attack vectors and learn effective mitigation techniques to enhance your build security. Examine crucial topics such as verifying dependency integrity, implementing checksums and signatures, identifying and rejecting vulnerable dependencies, achieving build reproducibility, and utilizing disposable build environments. Gain insights on securely testing external contributions and optimizing performance in secure build setups. While primarily focused on Gradle, the recommendations presented are broadly applicable to other build tools like Apache Maven. Benefit from the expertise of Cédric Champeau, Principal Software Engineer at Gradle, Inc., as he shares valuable knowledge on improving build system security and dependency management.