When:
to
Room:
Room 3.8 The Lounge (1)
Tags:
development & coding, devops
Track:
SVG
makers & builders

What is the secure software supply chain and the current state of the PHP and Drupal ecosystem

What is the secure software supply chain and the current state of the PHP and Drupal ecosystem

Paolo Mainardi

In this talk I’ll present the current state of the software supply chain, the big global recent events (SolarWinds, log4shell, codecov, packagist) and the state of the PHP and Drupal ecosystem, the threats and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning and how to use them for real-world projects to gain unprecedented levels of knowledge of your digital artifacts.
There will be also a demo of the mentioned tools in action to implement a secure supply chain pipeline for your Drupal projects.
Session (45 minutes)

Experience level of the audience


Intermediate