How often do we question the wisdom of releasing to production on a Friday afternoon? Has the production software been tested thoroughly enough to identify vulnerabilities? If we do find security problems in production, what steps can we take to fix them? And how can we take preventative measures against potential problems or attacks? Recently, software supply chain security has become an increasingly important topic. Concepts such as SBOMs, SLSA, Reproducible Builds and CI/CD Security are often discussed to address previous concerns. This session will explore these concepts and provide guidance on how to apply them to your individual projects. We will focus on tools, guides, proposals from the OSSF Foundation, CNCF, OWASP and CDF
Ixchel Ruiz
Karakun AG
Ix-chel Ruiz has developed software application & tools since 2000. Her research interests include Java, dynamic languages, client-side technologies and testing. Java Champion, Oracle ACE pro, Testcontainers Community Champion, CDF Ambassador, Hackergarten enthusiast, Open Source advocate, public speaker and mentor.