Authors: Diego Rodriguez-Losada Gonzalez
2022-10-24

tldr - powered by Generative AI

Diego Rodriguez describes how Conan.io, an open-source package manager for C and C++, has maintained supply chain security despite its wide adoption.
  • Conan.io is an open-source package manager for C and C++ whose user-submitted recipes have built over 11 million binaries.
  • Despite its wide adoption, Conan.io has had 0 security incidents since its inception.
  • Conan.io relies on automated quality checks, compiler security mitigations, package signing, a secure build pipeline, and an extremely strict and efficient review process to maintain supply chain security.
  • Diego Rodriguez and his team have received over 9000 pull requests in the last two years, and a dedicated team of 10 people sponsored by JFrog maintains the Conan project.
  • Conan.io is becoming an important piece of the C++ ecosystem and therefore needs to be secure.