Why do we keep ignoring CI security with François Proulx - podcast episode cover

Why do we keep ignoring CI security with François Proulx

Open Source Security
Feb 10, 202524 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

François Proulx, a supply chain security researcher at Boost Security, discusses how continuous integration (CI) and build pipeline security represents a critical and overlooked hole in our supply chain security. It seems like most supply chain compromises are actually from CI system breaches rather than direct code compromise, yet we seem to obsess over everything on either side of the CI system. François has a bunch of really good practical suggestions for how we can start to improve our CI security today.

 

The blog post for this episode can be found at
https://opensourcesecurity.io/2025/2025-02-ignoring_ci_security_francois_proulx/

For the best experience, listen in Metacast app for iOS or Android