Understanding, Maintaining and Securing Envoy's Supply Chain

Explore the complex software supply chain of Envoy, a popular open-source proxy, in this informative conference talk. Gain insights into Envoy's extensive network of over 60 external dependencies, crucial for its data and control plane functionality, build processes, testing, and observability features. Delve into a comprehensive overview of these third-party dependencies, their categorization, and their significance within Envoy's ecosystem. Focus on the security implications of these dependencies and their relationship to Envoy's threat model. Learn about the Envoy community's strategies for maintaining, versioning, and testing dependencies, as well as future plans to enhance supply chain confidence. Discover practical approaches for organizations to minimize unnecessary dependencies and strengthen their own software supply chains.

Understanding, maintaining and securing Envoy's supply chain - Michael Payne, Harvey Tuch