Explore the secure software supply chain and its current state within the PHP and Drupal ecosystem in this 37-minute DrupalCon Lille 2023 conference talk. Delve into major global events like SolarWinds, log4shell, codecov, and packagist, and learn about potential threats and mitigation strategies. Discover how to implement tools such as Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning in real-world projects. Gain valuable insights into creating a secure supply chain pipeline for Drupal projects through a practical demonstration of these tools in action.
Secure Software Supply Chain: Current State in PHP and Drupal Ecosystem
Drupal Association via YouTube
Overview
Syllabus
What is the secure software supply chain and the current state of the PHP and Drupal ecosystem
Taught by
Drupal Association
Related Courses
-
Secure Software Supply Chain for CSSLP®
-
Securing Your Software Supply Chain with Sigstore
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Securing Your Supply Chain with an Open Source Ecosystem
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
