Preparing for Supply Chain Attacks

Supply chain attacks have been on the rise in recent years. In this session, we will discuss the safe operation of libraries and vulnerability management of Android projects using Gradle with focusing on the following topics: 1. Signature verification of libraries in Gradle - How to set up dependency verification - Dependency Locking and Transitive Version management 2. Preparation for actual attacks - Library management and vulnerability notification using external tools such as Dependabot and Renovate - How to prepare using GitHub Actions The goal of this session is to learn how to defend against supply chain attacks in android projects using Gradle. Keywords: Gradle, PGP, signature, SLSA, SBOM (Translated by the DroidKaigi Committee)

  • RyuNen344 android app developer

View slides

Summary

  • Dates 2024.09.12 / 11:20 ~ 12:00 (40min)
  • Place Iguana
  • Language Japanese (English interpretation available)

Intended audience

Those who want to use external libraries safely in their projects using Gradle. Those who are interested in supply chain risks in android development.

Sessions in the same time slot

Hedgehog
11:20 ~ 12:00

Essential concepts to know when learning Declarative UI

HyunWoo Lee

#Cross-platform Development

Giraffe
11:20 ~ 12:00

From Android View to Jetpack Compose: A Guide to Migration

syarihu

#Jetpack Compose

Flamingo
11:20 ~ 12:00

Understanding Context

Okumura

#Android Framework

View all sessions
Call for Speakers Timetable Proposals Committee Members
Code of Conduct Contact Us Privacy Policy
Android is a trademark of Google LLC. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Android, Google Play and the Google Play logo are trademarks of Google LLC.
Past DroidKaigi

© 2014- DroidKaigi Committee