Securing Gradle Builds: Protecting Against Supply Chain Attacks

Explore the critical security concerns surrounding Gradle and learn effective strategies to safeguard your builds from potential threats in this 37-minute conference talk from Android Makers. Gain valuable insights into the Gradle Wrapper supply-chain attack and understand how to implement protective measures. Discover the intricacies of Gradle dependency attacks and acquire practical defense techniques. Obtain a comprehensive list of security best practices for Gradle, including wrapper verification, repository filtering, and dependency verification. Delve into topics such as introduction, dependency verification, metadata verification, ASC file verification, pros and cons, Minecraft verification, and pull via methods. Leave equipped with essential knowledge to enhance the security of your Gradle projects and protect against common vulnerabilities.