Conan.Io – Lessons Learned from Securing 40,000 C++ Packages - Diego Rodriguez-Losada Gonzalez, JFrog

less than 1 minute read

Abstract

Supply chain security needs are at an all-time peak, since attackers are now massively targeting developers through their use of package repositories such as npm and PyPI. Conan.io, the open-source package manager for C and C++, currently houses more than 11 million binaries built by user-submitted recipes, but managed to have 0 security incidents since its inception, despite its extremely wide reception (15TB of monthly transfers). In this session, Diego (Conan’s co-creator) will share how he and his team has managed this incredible feat by utilizing automated quality checks, compiler security mitigations, package signing, a secure build pipeline and an extremely strict and efficient review process, even when faced with more than 9000 pull requests in the last two years.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Conan.Io – Lessons Learned from Securing 40,000 C++ Packages - Diego Rodriguez-Losada Gonzalez, JFrog

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google