Everyone has heard of supply chains at this point, but what exactly does that mean for a PHP project? Learn more about software supply chains, how Composer, packagist.org and Private Packagist come into it and which role PHP dependencies play. This talk will present concrete steps you can take to identify your dependencies and give advice on measures you can put in place to better manage and protect how your application is assembled.


Please login to leave a comment

Ian Littman at 13:43 on 23 Apr 2024

Given that this was a 30 minute slot, the fact that this was a high-level talk was reasonable. It did feel like some places were glossed over, with a final "and Private Packagist fixes these issues" at the end that, if I didn't know any better, would sound like more of a vendor pitch than it actually is.

I'm thinking that expanding to a 45-50 minute slot would've allowed time for questions and a bit more detail. But the presentation was well put together, slides were solid, etc.

Great overview of the various attack vectors used for supply-chain attacks and how teams might be able to protect against them.

Rob Allen at 09:12 on 24 Apr 2024

Very good overview of the topic and where Composer fits. I now have a list of things to consider.

Bobby Cahill at 16:39 on 25 Apr 2024

Great summary, in a short time, of the attack vectors to watch out for while using external packages and what you can do to mitigate these risks.