Supply Chain Security and the Real World: Lessons From Incidents
Sophisticated -- and not-so-sophisticated -- breaches and attacks in recent years have taught us a lot about the soft spots that attackers target. We can turn these insights into actionable advice for the average DevOps team.
This talk will look at some real-world examples of supply chain compromises and translate the lessons into concrete actions that you can take today to help secure your builds and pipelines. The incidents we’ll look at include the Codecov breach and the recent changed-files attack. I’ll show how straightforward changes to build processes and CI/CD settings can help prevent similar attacks and mitigate the effects when dependencies are breached.
Supply chain security is becoming more and more important, but it is often talked about in abstract and general terms that do little to help the average organisation. Not in this talk!