François Proulx - Arbitrary Code Execution 0-day in Build Pipeline of Popular Open Source Packages
Released Tuesday, 22nd October 2024
François Proulx - Arbitrary Code Execution 0-day in Build Pipeline of Popular Open Source Packages
François Proulx - Arbitrary Code Execution 0-day in Build Pipeline of Popular Open Source Packages
Tuesday, 22nd October 2024
François Proulx shares his discovery of security vulnerabilities in build pipelines. Francois has found that attackers can exploit this often overlooked side of the software supply chain. To help address this, his team developed an open source scanner called Poutine that can identify vulnerable build pipelines at scale and provide remediation guidance. Francois has over 10 years of experience in building application security programs, he’s also the founder of the NorthSec conference in Montreal.
Mentioned in the Episode:
Cooking for Geeks by Jeff Potter
Poutine
Living Off the Pipeline project
Grand Theft Actions Abusing Self Hosted GitHub Runners - Adnan Khan and John Stawinski
Where to find Francois:
LinkedIn
X: @francoisproulx
Previous Episodes:
François Proulx -- Actionable Software Supply Chain Security
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Show More
Unlock more with Podchaser Pro
- Audience Insights
- Contact Information
- Demographics
- Charts
- Sponsor History
- and More!
- Account
- Register
- Log In
- Find Friends
- Resources
- Help Center
- Blog
- API
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More
- © 2025 Podchaser, Inc.
- Privacy Policy
- Terms of Service
- Contact Us