This week Jonathan Bennett and Dan Lynch talk with François Proulx about Poutine, the open source security scanner for build pipeline vulnerabilities. This class of vulnerability isn't as well known as it should be; a vulnerable pipeline can leak secrets or even open the door to supply chain attacks on FLOSS software.
Poutine does a scan over an organization or individual repository, looking specifically for pipeline issues. It runs on both GitHub and GitLab, with more to come!
https://boostsecurity.io/blog/unveiling-poutine-an-open-source-build-pipelines-security-scanner
https://github.com/boostsecurityio/poutine/blob/main/README.md
https://www.youtube.com/watch?v=DyioLvIVur4
Did you know you can watch the live recording of the show right in the Hackaday Discord? Have someone you'd like us to interview? Let us know, or contact the guest and have them contact us!
Direct Download in DRM-free MP3.
If you’d rather read along, here’s the transcript for this week’s episode.