Talk in English - US at php[tek] 2024
Short URL: https://joind.in/talk/6a729
(QR-Code (opens in new window))
Everyone has heard of supply chains at this point, but what exactly does that mean for a PHP project? Learn more about software supply chains, how Composer, packagist.org and Private Packagist come into it and which role PHP dependencies play. This talk will present concrete steps you can take to identify your dependencies and give advice on measures you can put in place to better manage and protect how your application is assembled.
Comments
Please login to leave a comment
Given that this was a 30 minute slot, the fact that this was a high-level talk was reasonable. It did feel like some places were glossed over, with a final "and Private Packagist fixes these issues" at the end that, if I didn't know any better, would sound like more of a vendor pitch than it actually is.
I'm thinking that expanding to a 45-50 minute slot would've allowed time for questions and a bit more detail. But the presentation was well put together, slides were solid, etc.
Great overview of the various attack vectors used for supply-chain attacks and how teams might be able to protect against them.
Very good overview of the topic and where Composer fits. I now have a list of things to consider.
Great summary, in a short time, of the attack vectors to watch out for while using external packages and what you can do to mitigate these risks.