Macaron: A Comprehensive Tool for Analysis and Protection of Software Supply Chains
This program is tentative and subject to change.
Macaron is an open-source security tool developed by Oracle Labs to enhance the security of software supply chains, with a focus on detecting malicious code in Python packages and securing build processes. As the use of third-party libraries in application development continues to grow, so does the risk of supply chain attacks targeting open-source packages. Macaron addresses this challenge by performing static analysis to detect unknown threats and malware embedded in both package metadata and code. It also extracts critical build information, enabling the reconstruction of packages and the identification of suspicious code within upstream artifacts. Aligned with the latest Supply Chain Levels for Software Artifacts (SLSA) framework, Macaron provides an extensible policy engine for enforcing compliance with security best practices. This presentation will provide an overview of the tool, showcase hands-on tutorials, and discuss real-world applications, demonstrating how Macaron helps organizations protect their software supply chains.
Schedule: Thu 11 Sep, 10:30 - 12:00 (time zone: Auckland, Wellington)
10:30, 90-minute Tutorial: Macaron: A Comprehensive Tool for Analysis and Protection of Software Supply Chains (Technical Briefings)