Open Source Summit Europe 2024: Full Schedule

September 16-18, 2024
Vienna, Austria
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (UTC/GMT +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

11:20 CEST

Application of the Upcoming SPDX Safety Profile - Nicole Pappler, AlektoMetis.com

Monday September 16, 2024 11:20 - 12:00 CEST

Room 0.96-0.97 (Level 0)

Creating and maintaining a safety critical project comes with a lot of challenges. A central issue is keeping your documentation, starting from planning and guideline documents, down to requirements, safety analysis, reviews and tests, consistent and up to date. These artefacts often have their own lifecycle and are natively managed in different tools, with usually great traceability capabilities regarding dependencies between these artefacts as long as you stay within one tool or within a (usually propriety) tool family of one single tool vendor. Currently the resulting traceability gaps between these tools are handled either by the popular engineering tools like MS Excel or methods like “search for identical names”, depending highly on manual maintenance.

Using SPDX relationships, the upcoming Safety Profile in SPDX 3.1 will provide a model to represent all these dependencies as a knowledge model that can be used both to analyse possible impacts after a change (be it because of a security update or functional variants of your product), provide evidence of completeness and compliance as a Safety SBOM or simply keep track of your product variants.

Speakers

Nicole Pappler

Senior Safety Expert, AlektoMetis

Nicole has worked in different projects developing safety relevant embedded software before starting as an independent assessor. With now more than twenty years of experience in the industry, she supported several customers to show their compliance with safety, security and quality... Read More →

Monday September 16, 2024 11:20 - 12:00 CEST
Room 0.96-0.97 (Level 0)

Critical Software Summit

Audience Level Any

12:15 CEST

Traceability and Automation Examples With Basil an Open Source Software for Quality Management - Luigi Pellecchia & Gabriele Paoloni, Red Hat

Monday September 16, 2024 12:15 - 12:35 CEST

Room 0.96-0.97 (Level 0)

In Safety Critical applications it is mandatory to ensure Sw Requirements traceability to Sw Specifications, Test Cases, Test Results, Bugs and more.
The process leading to this goal is usually complex and time-consuming and it is essential to understand the state step by step and highlight what remains to be done.
Moreover, for the intrinsic nature of a software project, we need to ensure traceability and test verification following any evolution in the ecosystem of the project.

BASIL The FuSa Spice, is an open source sw that provides a quality management solution aimed to address the above mentioned challenges for SW developments that are code driven and equally for the ones requirements driven.

We will see how to implement in BASIL Sw Requirements traceability to the source Code and to existing upstream Test Cases, how to execute them, how to navigate Test Results and artifacts and how to link failures to a bug in a bug tracking system.

We will also go into the details of a pipeline implementation based on the BASIL HTTP Api to understand how changes in one or more work items can be managed through automation with the goal of implementing a continuous certification framework.

Speakers

Gabriele Paoloni

Sr SW Principal Engineer, Red Hat

Gabriele Paoloni is an Open Source Community Technical Leader at Red Hat. He is a passionate technologist and has strong experience in both functional safety and Linux Kernel development, including previous roles leading FuSa software architecture for Intel platforms, CCIX vice chairman... Read More →

Luigi Pellecchia

Senior Software Quality Engineer, Red Hat

Luigi Pellecchia is a Principal Sw Quality Engineer at Red Hat.He is a Mechanical Engineer with a solid background in sw development.He gained a strong experience as automotive sw tester reaching the role of Sw Validation Project Leader working on ECUs ISO 26262 compliant that are... Read More →

Monday September 16, 2024 12:15 - 12:35 CEST
Room 0.96-0.97 (Level 0)

Critical Software Summit

Audience Level Any

12:35 CEST

Enhancing Kernel Functional Safety Analysis with KS-nav - Alessandro Carminati & Gabriele Paoloni, Red Hat

Monday September 16, 2024 12:35 - 12:55 CEST

Room 0.96-0.97 (Level 0)

In order to make functional safety claims on SW components, having a clear understanding of the underlying software architecture is crucial. However, if SW architectural documentation is missing, understanding how software operates and how its parts fit together can be challenging. For the Linux kernel and many other OSS SW, such documents are absent and instead, analysts must rely on code, which can be hard to read.
ks-nav is a tool designed to help in reverse engineering and understanding the code by generating diagrams that highlight the interactions between code elements and sub-elements.

ks-nav relies on binary images instead of source code analysis to get rid of the uncertainty introduced by configurations, compiler optimizations, and any other toolchain related issues. Additionally, using the MAINTAINERS file, it precisely pinpoints subsystems, enabling users to delve into their interactions with clarity.

This session focuses on:
* Why understanding the code is critical in FuSa activities;
* How ks-nav works, how it addresses the various challenges of analyzing the code;
* An example of how ks-nav can be used to support an expert-driven FMEA for a specific use case.

Speakers

Gabriele Paoloni

Sr SW Principal Engineer, Red Hat

Alessandro Carminati

Principal Software Engineer, Red Hat

As a Linux Kernel Engineer within the RedHat Automotive Team, I specialize in both upstream contributions and downstream efforts, focusing on enhancing Linux kernel functionality for automotive.With a background in embedded Linux development and Linux security for embedded systems... Read More →

Monday September 16, 2024 12:35 - 12:55 CEST
Room 0.96-0.97 (Level 0)

Critical Software Summit

Audience Level Intermediate

14:15 CEST

Cross Industry Demands and Collaboration Opportunities in Open Source for Safety Critical Systems - Philipp Ahmann, Robert Bosch GmbH & Olivier Charrier, Wind River

Monday September 16, 2024 14:15 - 14:55 CEST

Room 0.96-0.97 (Level 0)

The increasing computation power of embedded CPUs has revolutionized industries such as Automotive, Aerospace, or Industrial by enabling centralized and enhanced use cases, software-defined functionalities, and increased automation. The challenges of this increased complexity are often addressed by incorporating Open Source Software, particularly Linux, virtualization and RTOS. As these industries are heavily regulated by quality and safety-integrity standards, the certification of these highly complex systems becomes crucial.

Starting from the similarities and overlaps in system architecture design across use cases, this talk will explore the demands imposed by safety integrity standards in various industries. To develop these systems and adhere to required processes, the integration of tools and a high degree of automation is essential.

The authors show how Open Source projects bridge the gap between open source and safety-criticality, introducing tools and processes, and showcasing collaborative efforts in creating reproducible example system architectures. These systems can serve as a foundation for companies and projects adopting Open Source in safety-critical applications.

Speakers

Philipp Ahmann

Sr. OSS Community Manager, Etas GmbH (BOSCH)

Philipp Ahmann is an experienced senior OSS community manager at Etas GmbH (BOSCH) specializing in safety and automotive grade open source stacks for software defined vehicles. He holds the position of technical steering committee chair for the Linux Foundation ELISA project to Enable... Read More →

Olivier Charrier

Principal Technologist - Functional Safety, Wind River

Olivier Charrier obtained a Master’s degree in Software Engineering (DESS) from Bordeaux University in 1989.After working for Alsys/Aonix on Ada development environment for embedded systems, Olivier joined Wind River in June 2001 where his focus is to help Wind River's customers... Read More →

Monday September 16, 2024 14:15 - 14:55 CEST
Room 0.96-0.97 (Level 0)

Critical Software Summit

Audience Level Intermediate

15:25 CEST

Bringing Existing Open-Source Code into MISRA Compliance - Roberto Bagnara, University of Parma and BUGSENG

Monday September 16, 2024 15:25 - 16:05 CEST

Room 0.96-0.97 (Level 0)

Bringing an existing codebase into MISRA compliance is known to be a difficult, risky and time-consuming task. Yet, when a product needs a functional safety certification and rewriting the software is out of question, this is a necessity. Such an endeavor requires facing multiple tradeoffs and, consequently, lots of experience both on the codebase and on MISRA. The choices between deviating the guideline, and the (often, many) ways in which code may be changed and deviations may be formulated, are tough and with consequences that are not immediately evident. The situation is particularly interesting in the case of open-source software, where additional challenges have to be faced. In this presentation, we illustrate our experience and the several lessons learned while undertaking MISRA compliance work in open-source projects, most notably the Zephyr RTOS and the Xen hypervisor, both used in many embedded systems. Key take-home points include: effective deviation strategies and mechanisms; dealing with the MISRA C essential type model (guidelines related to that account for many of the violations in existing codebases); interaction with open-source communities.

Speakers

Roberto Bagnara

Professor, University of Parma and BUGSENG

Roberto Bagnara is professor of Computer Science at the University of Parma and Software Verification Expert and Evangelist at BUGSENG. He coauthored more than 40 papers, in international journals and conference proceedings, on programming languages, static analysis and other techniques... Read More →

Monday September 16, 2024 15:25 - 16:05 CEST
Room 0.96-0.97 (Level 0)

Critical Software Summit

Audience Level Intermediate

16:20 CEST

Hidden in Plain Sight: Corner Case Defects - Robert Altnoeder, LINBIT HA-Solutions GmbH

Monday September 16, 2024 16:20 - 17:00 CEST

Room 0.96-0.97 (Level 0)

This session is about often unexpected and sometimes intricate defects that may either occur infrequently, seemingly randomly, or only in very specific corner cases.

These defects are often overlooked by developers, and most tests may not discover them either, despite how widespread they are, often lurking in plain sight, waiting to strike at the most unfortunate moment.
In this session, we will take a look at some code examples, we will talk about the sometimes surprising ways in which things can go wrong, and about how to avoid repeating the same mistakes.

Speakers

Robert Altnoeder

Developer, former RCA team member, LINBIT HA-Solutions GmbH

Robert has worked in the IT industry for almost 20 years in various roles, including as a root cause analysis specialist for a big international IT company. The subjects of code correctness and robustness are one of this main areas of interest, and the focus of a significant portion... Read More →

Monday September 16, 2024 16:20 - 17:00 CEST
Room 0.96-0.97 (Level 0)

Critical Software Summit

Audience Level Intermediate
about Robert has worked in the IT industry for almost 20 years in various roles, including as a root cause analysis specialist for a big international IT company. The subjects of code correctness and robustness are one of this main areas of interest, and the focus of a significant portion of his own software development projects. He currently works as a software developer and consultant for LINBIT HA-Solutions GmbH in Austria.

11:00 CEST

Panel Discussion: Improving the Software Supply Chain Security - Arnaud Le Hors, IBM; Isaac Hepworth, Google; Michael Lieberman, Kusari; and Marina Moore, Independent

Tuesday September 17, 2024 11:00 - 11:40 CEST

Room 0.96-0.97 (Level 0)

OpenSSF and other organizations such as CNCF have been developing new technologies aiming at improving the security posture of open source and the software supply chain. This panel will give attendees a chance to hear from the very people involved in the development of some of these technologies and learn what's behind names like SLSA, S2C2F, and GUAC, the status of these technologies and how they relate to one another.

Speakers

Michael Lieberman

Co-Founder and CTO, Kusari

Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF’s Secure Software Factory Reference... Read More →

Arnaud Le Hors

Senior Technical Staff Member Open Technologies, IBM

Arnaud Le Hors is Senior Technical Staff Member of Open Technologies at IBM, primarily focusing on Open Source security. He has been working on standards and open source for over 25 years. Arnaud was editor of several key web specifications including HTML and DOM and was a pioneer... Read More →

Marina Moore

Researcher, Independent

Marina Moore is a PhD candidate at NYU Tandon’s Secure Systems Lab researching secure software updates and software supply chain security. She is a maintainer of The Update Framework (TUF), a CNCF graduated project, as well as in-toto, an incubating project. She contributed to the... Read More →

Isaac Hepworth

Group Product Manager, Google

Isaac is a Google product manager working on software supply chain integrity within Google’s core infrastructure team, focusing on open source. In this role his work has supported Google’s contributions to OpenSSF's Sigstore, SLSA, and most recently GUAC. Over the last couple... Read More →

Tuesday September 17, 2024 11:00 - 11:40 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Beginner

11:55 CEST

Policing Open-Source Projects at Scale - Thomas Neidhart, Eclipse Foundation

Tuesday September 17, 2024 11:55 - 12:35 CEST

Room 0.96-0.97 (Level 0)

Large open-source foundations like the Eclipse Foundation are faced with the challenge of maintaining thousands of repositories for the numerous projects and monitoring that these repositories adhere to certain policies and security guidelines to provide an open, transparent and secure environment for the development of open-source software. We would like to present our approach to tackle these challenges: a system where our projects as hosted on GitHub have their configuration stored as code in a repository itself, and project members can request changes to this configuration by opening a pull request, and once approved, changes get applied automatically. With this approach it is possible to make the current infrastructure of a project transparent to everyone involved, highlight items that should be addressed to adhere to certain policies and empower teams to improve and secure their repositories more easily. In this talk we would also like to outline what we have learned while rolling out this service to projects at the Eclipse Foundation and how such an approach can help to increase collaboration in your community as members are able to learn from each other.

Speakers

Thomas Neidhart

Security Engineer, Eclipse Foundation

Passionate open source developer, focused on helping open-source projects to be more productive and secure.

Tuesday September 17, 2024 11:55 - 12:35 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Any

14:00 CEST

Planning for Retirement: How Can We Prepare for Software’s End-of-Life/End-of-Support Date? - Victoria Ontiveros, CISA & Justin Murphy, DHS/CISA

Tuesday September 17, 2024 14:00 - 14:40 CEST

Room 0.96-0.97 (Level 0)

The ambiguity surrounding terminology and general uncertainty amplifies the end-of-life/end-of-support problem: What is end-of-life? How is end-of-life different from end-of-support? How does this affect supply chain and operational security? This presentation will begin with an overview of the EOL/EOS problem and suggest definitions for key terms to the discussion. Creating shared terminology can support the community in facilitating discussions around EOL/EOS and generating solutions. This presentation will map the EOL/EOS problem to other ongoing discussions including software naming and versioning, acknowledging that this is not a new problem and it is unlikely there is one singular solution. The presentation will also include discussion of the potential role of existing software transparency and supply chain security efforts, such as SBOM, VEX, and CSAF, may play in managing EOL/EOS. We will highlight the OpenEoX efforts from the OASIS community seeking to develop an open source, standardized method to ascertain the EOL/EOS status of products, as well as other ongoing policy efforts. The presentation will close with time for feedback on the presentation and discussion.

Speakers

Justin Murphy

Vulnerability Analyst, DHS/CISA

Justin Murphy is a Vulnerability Analyst with the Cybersecurity and Infrastructure Security Agency (CISA). He helps to coordinate the remediation, mitigation, and public disclosure of newly identified cybersecurity vulnerabilities in products and services with affected vendor(s... Read More →

Victoria Ontiveros

Cybersecurity Specialist, CISA

Victoria Ontiveros joined the Cybersecurity and Infrastructure Security Agency (CISA) in June 2023 as a cybersecurity specialist. At CISA, she supports the agency's software bill of materials (SBOM) work, collaborating with partners across the software ecosystem, U.S. government... Read More →

Tuesday September 17, 2024 14:00 - 14:40 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Any

14:55 CEST

VSCorode: Inside Your IDE, Inside Your Git Repository - Kevin Ward & Fabian Kammel, ControlPlane

Tuesday September 17, 2024 14:55 - 15:35 CEST

Room 0.96-0.97 (Level 0)

For several years now we’ve heard the mantra of shifting left to move security as early as possible in the development process. The aim is to enable developers to understand and produce secure code right away. The primary method to support developers is to enhance their IDE with extensions which can identify security issues, highlight insecure code practices and handle integration with external services. VSCode is one of the most popular IDEs with a flourishing community of extensions for data manipulation, theming, programmatic language features and additional debugging functionality. There is a great deal of trust placed in these extensions so what would happen if an extension turned against you? This talk explores the supply chain risks associated with VSCode extensions, what is required to get an extension included in the marketplace and how simply we hand over control to an unknown third party. We will demonstrate what an adversary can achieve with a malicious extension and how it represents a future red team target from enumeration, persistence and execution.Lastly we’ll offer advice on how to prevent common attack paths.

Speakers

Kevin Ward

Principal Consultant, ControlPlane

Kevin is an Principal Consultant with over 10 years of experience designing, building and testing secure solutions for Government, Defence and Finance sectors. In his own time, Kevin enjoys hacking and hardening systems to discover the balance between security and usability. He co-authored... Read More →

Fabian Kammel

Senior Security Consultant, ControlPlane

Fabian Kammel is a Senior Security Consultant at ControlPlane, where he helps to make the (cloud-native) world a safer place. His goal is to bring hardware security and cloud-native security closer together, as well as, improving the developer experience in the security space. He... Read More →

Tuesday September 17, 2024 14:55 - 15:35 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Intermediate

16:00 CEST

"Here Is a Clean Section of the Beach" - Proactively Auditing Open Source Dependencies and Letting E - Munawar Hafiz, OpenRefactory & Michael Winser, Alpha-Omega

Tuesday September 17, 2024 16:00 - 16:40 CEST

Room 0.96-0.97 (Level 0)

Open source dependencies pose the most serious threat for all software. Software Composition Analysis (SCA) tools can help understand the risk profile using data collected about known vulnerabilities. But what about the unknown ones? The Alpha-Omega project, sponsored by Amazon, Google and Microsoft, has been challenged with the tasks of scouring the most popular Open Source libraries in order to “clean the beach” to make it safe for everyone. But the beach is huge and how can this project be performed at scale? In this talk, Michael Winser, Alpha-Omega co-founder, and Dr. Munawar Hafiz, CEO of OpenRefactory, will discuss the progress that Alpha-Omega has made in scanning and repairing thousands of Open Source libraries. They will describe the scaling challenges, the data handling and storage challenges and how the information is made available to the end users.

Speakers

Munawar Hafiz

CEO, OpenRefactory

Munawar Hafiz is the founder and head of innovations of OpenRefactory, Inc., an application security company that intends to improve the way developers write secure, reliable and compliant code. Munawar had a body of work on automated bug fixing in academia which lays the foundation... Read More →

Michael Winser

Co-founder, Alpha-Omega

Michael is a 40 year veteran in the software industry, with over 25 of those years at Google and Microsoft. He co-founded Alpha-Omega while at Google. Michael is an industry expert in software supply chain security, software development, and developer ecosystems. In addition to Alpha-Omega... Read More →

Tuesday September 17, 2024 16:00 - 16:40 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Beginner

11:00 CEST

Enhancing Artifact Security with GitHub’s Build Provenance and Minder - Fredrik Skogman, GitHub & Radoslav Dimitrov, Stacklok

Wednesday September 18, 2024 11:00 - 11:40 CEST

Room 0.96-0.97 (Level 0)

In the evolving landscape of software development, ensuring the integrity of build artifacts like container images is crucial. In this talk, we'll demonstrate how to use GitHub's Build Provenance API to generate SLSA attestations and create robust policies for your artifacts, verifying their origin and authenticity. We'll examine the contents and significance of these attestations and discuss how to integrate them into your CI/CD pipelines. Additionally, we'll explore using Minder to monitor and enforce these policies across your repositories, ensuring these attestation practices do not degrade over time. We’ll also show how combining these tools can safeguard even in the event of someone else gaining access and pushing a malicious image to your container registry. By the end of this session, you'll have a good understanding of how open source tools like Sigstore, in-toto, SLSA, TUF, and Minder can collectively strengthen the security of the software supply chain. You'll gain practical insights into setting up artifact attestations with GitHub's API and establishing tailored policies with Minder to protect your development processes against vulnerabilities.

Speakers

Radoslav Dimitrov

Senior Software Engineer, Stacklok

Radoslav Dimitrov is a Senior Software Engineer at Stacklok. He's a maintainer of go-tuf, RSTUF and Minder and is contributing to several other software supply chain projects. His interests include mountain biking, cats, coffees and everything that relates to DIY.

Fredrik Skogman

Staff Engineer, GitHub

Fredrik is a Staff Engineer on the Package Security Engineering team at GitHub, where he focuses on software supply chain security. At GitHub he provides technical leadership for standards and tools in the supply chain security space, most recently co-authoring the published npm RFC... Read More →

Wednesday September 18, 2024 11:00 - 11:40 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Intermediate

11:55 CEST

Measuring Security Risk: Community Engagement Is the Best Mitigation - Deb Nicholson, Python Software Foundation

Wednesday September 18, 2024 11:55 - 12:35 CEST

Room 0.96-0.97 (Level 0)

When considering open source software that you include in your products, engaging with your upstream is a more robust and resilient way to gauge your security risks than relying on outsourcing your trust modeling to metrics and GitHub stars. Becoming a partner to your upstream community helps you build more secure software and create the relationships you'll need if there's ever an attack. Plus community engagement has a lot of follow-on benefits for the way your company makes use of open source. This talk covers how to keep surprises to a minimum by engaging with your upstream communities. We'll look at several ways to gracefully go from "who the heck is in charge of that code" to being an open source insider that always knows what’s going on with your upstream partners. We'll also look at how to identify red flags at projects that you may not want to rely on.

Speakers

Deb Nicholson

Executive Director, Python Software Foundation

Deb Nicholson is an open source software policy expert and a passionate community advocate. She is the Executive Director at the Python Software Foundation which serves as the non-profit steward of the Python programming language. She serves on the Board of Directors for the Spritely... Read More →

Wednesday September 18, 2024 11:55 - 12:35 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Intermediate

14:00 CEST

Back to Security Basics: Evaluating, Consuming, and Contributing Open Source Software - Katherine Druckman, Intel

Wednesday September 18, 2024 14:00 - 14:40 CEST

Room 0.96-0.97 (Level 0)

We won! Open source software is everywhere... so now what? Shifting left starts at the beginning – ensuring the security of open source software requires careful evaluation, use, and contribution. This talk will cover some important challenges in securely consuming open source software. Attendees will learn to evaluate projects based on active maintenance, patch cycles, and vulnerability management. We will explore the role of project documentation, code contribution expectations, and community involvement in project maturity and code quality, as well as tools and community guidance. Walk away with the beginnings of a practical framework and checklist that you can mold to your own needs.

Speakers

Katherine Druckman

Open Source Security Evangelist, Intel

Katherine Druckman is an Open Source Evangelist at Intel where she enjoys sharing her passion for a variety of open source topics. She is a long-time open source advocate, developer, and podcaster, and is currently the host of Open at Intel and co-host of the FLOSS Weekly and Reality... Read More →

Wednesday September 18, 2024 14:00 - 14:40 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Any

15:10 CEST

The Missing Post Mortem - Tobie Langel, UnlockOpen

Wednesday September 18, 2024 15:10 - 15:50 CEST

Room 0.96-0.97 (Level 0)

The first half of 2024 saw an entirely new category of threat against open source, one that rocked its trust-based system at its core: social engineering takeover attempt of critical open source projects. These attacks uncovered a systemic gap in open source security management. Up until now, the open source community wasn’t thought of as a potential cyber attack target. But when critical open source projects become stepping stones for industrial espionage, ransomware attacks, or cyberwarfare, maintainers need to adopt comparable security practices to those found in target organizations. This creates a unique set of challenges for open source because of its highly distributed nature and volunteer-based model. In this talk we'll do a post-mortem of the social engineering takeover attempt at the OpenJS Foundation. Without revealing confidential information, we'll still be able to outline critical industry gaps uncovered during this attack and suggest ways to meaningfully improving security at scale while preserving the ethos, culture, and diversity of communities that characterize open source.

Speakers

Tobie Langel

Principal, UnlockOpen

Tobie Langel is a world-leading expert on open source and standardization. He advises some of the biggest names in tech (Google, Microsoft, Mozilla, Intel, Cisco), promising startups (Airtable, Postman, GitLab), industry organizations (OpenJS Foundation, OASIS Open, W3C) and nonprofits... Read More →

Wednesday September 18, 2024 15:10 - 15:50 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Advanced

16:05 CEST

Extract Dependency Data on Scale with Renovate - Sebastian Poxhofer, N26

Wednesday September 18, 2024 16:05 - 16:45 CEST

Room 0.96-0.97 (Level 0)

As modern platforms integrate an increasing array of tools, so too grows the complexity of software dependencies within your codebase. While mainstream dependencies like Docker images, Terraform and NPM packages are well-covered by existing solutions, what about the myriad obscure or custom tooling, perhaps even manually installed binaries lurking in your Dockerfiles? In this session, we'll unveil an Open Source solution designed to systematically extract data from diverse toolsets. Learn how to effectively catalog, track, and maintain these dependencies, eliminating blind spots and ensuring robustness in your development workflow.

Speakers

Sebastian Poxhofer

Senior SRE, N26

Sebastian Poxhofer is a seasoned Open Source maintainer and boasts a rich portfolio of projects including Renovate, TargetAllocator of the OpenTelemetry Operator, and more. With a that experience, he spearheads the development of Internal Developer Platforms in his daily endeavor... Read More →

Wednesday September 18, 2024 16:05 - 16:45 CEST
Room 0.96-0.97 (Level 0)

SupplyChainSecurityCon

Audience Level Any