Louis Jacomet has been perfecting his knowledge of Java for more than 20 years. Always a developer at heart, his role has evolved over the last years to include technical team leading, coaching and some management. In addition to the bits and bytes, Louis is interested in the people management skills that are mandatory to create a productive project team. To complete the buzzword bingo, Louis is interested in agile practices for the visibility, communication and result orientation they promote. After working remotely from Belgium for Terracotta, with a focus on Ehcache, Louis is now part of the Gradle build tool team.
Every day, as developers, we build dozens of times. Sometimes without noticing (in the IDE), sometimes explicitly from the CLI (mvn clean test), sometimes from CI. However, barely anyone recognizes the security risks of building software.
This talk will highlight potential attack vectors and explain how we can mitigate them. The build tool is by definition insecure, because it is a free execution environment. However, there are ways we can reduce the risks, in some cases significantly. Some topics we will cover:
We will mostly illustrate those with Gradle, but most of the recommendations are also valid for Apache Maven.