ICSME 2025
Sun 7 - Fri 12 September 2025 Auckland, New Zealand

This program is tentative and subject to change.

Thu 11 Sep 2025 10:30 - 12:00 at OGGB5 260-051 - Technical Briefing 1

Macaron is an open-source security tool developed by Oracle Labs to enhance the security of software supply chains, with a focus on detecting malicious code in Python packages and securing build processes. As the use of third-party libraries in application development continues to grow, so does the risk of supply chain attacks targeting open-source packages. Macaron addresses this challenge by performing static analysis to detect unknown threats and malware embedded in both package metadata and code. It also extracts critical build information, enabling the reconstruction of packages and the identification of suspicious code within upstream artifacts. Aligned with the latest Supply Chain Levels for Software Artifacts (SLSA) framework, Macaron provides an extensible policy engine for enforcing compliance with security best practices. This presentation will provide an overview of the tool, showcase hands-on tutorials, and discuss real-world applications, demonstrating how Macaron helps organizations protect their software supply chains.


Thu 11 Sep (displayed time zone: Auckland, Wellington)

10:30 - 12:00: Technical Briefing 1 (Technical Briefings) at OGGB5 260-051

10:30 (90m) - Tutorial, Technical Briefings
Macaron: A Comprehensive Tool for Analysis and Protection of Software Supply Chains
Behnaz Hassanshahi (Oracle Labs, Australia), Paddy Krishnan (Oracle Labs, Australia)