top of page

Melissa McKay: Navigating a Mined World: Repositories, Registries and Artifact Storages

Updated: Nov 7, 2023



Melissa is passionate about Java, DevOps and Continuous Delivery. She is currently a Developer Advocate for JFrog, serves on the Continuous Delivery Foundation TOC and is a Co-Chair of the Interoperability SIG. She loves sharing her knowledge with the community as a developer, speaker, and author. Melissa has been recognized as a Java Champion and Docker Captain, is an international speaker at numerous events including KubeCon and DockerCon, and is co-author of the O'Reilly title, DevOps Tools for Java Developers.


Navigating a Mined World: Repositories, Registries and Artifact Storages


As binary and package managers continue to gain popularity, the need for secure code repositories that can be trusted is becoming increasingly important. With the ever-growing threat of cyber attacks, malicious packages in these repositories are becoming a significant concern. This security research-backed presentation aims to showcase the current state of binary and package manager repositories, including an overview of the most commonly used ones. We will examine the risk level associated with using these repos, including potential risks associated with user authentication, malicious packages, and software supply chain attacks. We will also explore how vulnerabilities can be mitigated, such as by implementing secure coding practices, proper authentication and authorization strategies, and standard security protocols. In the end, you'll gain a better understanding of the importance of securing code repositories, and how you can prevent vulnerabilities known to target your supply chain.

Comentários


bottom of page