The Security Repo
Mackenzie Jackson & Dwayne McDaniel
115 episodes
5 hours ago
The security repo is a podcast that focuses on real world security issues we are all facing today. We will take deep dives into news events and have exclusive interviews with security leaders on the ground.
Technology
All content for The Security Repo is the property of Mackenzie Jackson & Dwayne McDaniel and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Supply Chain Warfare: CI/CD Threats and Open Source Security with François Proulx
29 minutes 34 seconds
6 days ago

In this episode of the Security Repo Podcast, François Proulx, VP of Security Research at Boost Security, discusses the evolving threats in software supply chain security, particularly focusing on attacks targeting CI/CD pipelines. He explains how open source tools like "Poutine" are being used both defensively and offensively in the ongoing battle to secure build systems. François also shares his journey into security, lessons from working at Intel, and practical advice on dependency pinning, short-lived credentials, and password best practices.


https://www.linkedin.com/in/francoisp/


https://boostsecurity.io/blog/unveiling-poutine-an-open-source-build-pipelines-security-scanner


https://nsec.io/


François is VP of Security Research at BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups, he has been in the heat of the action as the DevSecOps movement took shape. François is one of the founders of NorthSec and was a challenge designer for the NorthSec CTF.
