Protecting Your Organisation Against Attacks via the Build System

Explore essential strategies for safeguarding your organization against build system attacks in this 51-minute conference talk. Delve into the often-overlooked security risks associated with software building processes, including IDE, CLI, and CI environments. Discover potential attack vectors and learn effective mitigation techniques to enhance your build security. Examine crucial topics such as verifying dependency integrity, implementing checksums and signatures, identifying and rejecting vulnerable dependencies, achieving build reproducibility, and utilizing disposable build environments. Gain insights on securely testing external contributions and optimizing performance in secure build setups. While primarily focused on Gradle, the recommendations presented are broadly applicable to other build tools like Apache Maven. Benefit from the expertise of Cédric Champeau, Principal Software Engineer at Gradle, Inc., as he shares valuable knowledge on improving build system security and dependency management.

Protecting your organisation against attacks via the build system by Cédric Champeau