Secure Software Supply Chain: Current State in PHP and Drupal Ecosystem
Drupal Association via YouTube
Overview
Explore the secure software supply chain and its current state within the PHP and Drupal ecosystem in this 37-minute DrupalCon Lille 2023 conference talk. Delve into major global events like SolarWinds, log4shell, codecov, and packagist, and learn about potential threats and mitigation strategies. Discover how to implement tools such as Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning in real-world projects. Gain valuable insights into creating a secure supply chain pipeline for Drupal projects through a practical demonstration of these tools in action.
Syllabus
What is the secure software supply chain and the current state of the PHP and Drupal ecosystem
Taught by
Drupal Association