Session
How to stop the ‘Gradle Snatchers’: Securing your builds from baddies
Following on from one of the first recorded supply chain attacks against Gradle, this talk will discuss the security concerns surrounding our favourite build tool and how we can protect against them. This starts with gaining an understanding of some of Gradle's common vulnerabilities and how to avoid these within our projects. You'll leave this talk with:
- Insights on the Gradle Wrapper supply-chain attack and how to protect against it.
- An overview of a Gradle dependency attack and how to protect against it.
- A concrete list of security setting best practices within Gradle, including wrapper verification, repository filtering, dependency verification and others.
Ed Holloway-George
Lead Android Developer @ ASOS | Android GDE
Nottingham, United Kingdom