Securing Your .NET Application Software Supply Chain
Offered By: NDC Conferences via YouTube
Course Description
Overview
Explore hands-on techniques for securing a .NET application's software supply chain in this NDC Oslo 2021 conference talk. Delve into the complexities of modern software development processes and learn how to address security risks at various stages, from source code access to deployment. Examine real-world examples like SolarWinds and CodeCov to understand potential vulnerabilities. Discover practical strategies based on Google's SLSA framework and Software Bill of Materials (SBOM) concepts. Cover topics such as GIT commit signing, dependency confusion, third-party library security, reproducible builds, artifact signing, and pipeline security policies. Gain valuable insights into protecting your software development lifecycle and mitigating risks in the increasingly complex software supply chain landscape.
Syllabus
Intro
Securing your .NET application software supply chain
What is a Supply Chain?
GIT Commit Signing
Octopus Scanner - NetBeans
Visual Studio Code
Dependency Confusion
3rd Party Libraries
Security Scorecards - OpenSSF
Source Generators
Reproducible Build .NET
Signing artifacts
Automotive Industry
Car Supply Chain
SolarWinds Project Trebuchet
IBM OpenShift
Azure Pipelines Artifact Policy
Google SLSA
Taught by
NDC Conferences
Related Courses
From SBOM to Trusted Software Supply Chain - How Far Are We?Association for Computing Machinery (ACM) via YouTube Transparency in the Software Supply Chain - Making SBOM a Reality
Black Hat via YouTube SBOM is Here - Making Progress - Not Excuses
BSidesLV via YouTube How Software Transparency Can Help Save the World
Security BSides San Francisco via YouTube DBOM and SBOM - New Options for Better Supply Chain Cybersecurity
RSA Conference via YouTube