Speaker Details

Cédric Champeau
Cédric Champeau is Principal Software Engineer at Gradle, Inc., working on the open-source Gradle build tool. He contributed performance improvements and is currently mainly focused on dependency management with Gradle. Previously, Cédric worked on the Apache Groovy project, where he implemented the static compiler and worked on many compile-time meta-programming features (AST xforms, traits, ...).

The Gradle BOF

Come meet the team which builds Gradle, your favorite build tool!

This session will be the opportunity to talk to other users, gather feedback, share your experience and even ask for future developments.

If you have no experience around Gradle it's also the opportunity to learn about the differences with other build tools.

Of course if you are using something else and you are curious about Gradle, don't be shy, join us!

Gradle Team
Apache Maven

Protecting your organization against attacks via the build system

Every day, as developers, we build dozens of times: sometimes without noticing (in the IDE), sometimes explicitly from the CLI (gradle test, mvn clean test), sometimes from CI. However, barely anyone recognizes the security risks of building software. Those attacks are not theoretical anymore.

This talk will highlight potential attack vectors and explain how we can mitigate them. The build tool is by definition insecure because it's a free execution environment. However, there are ways to reduce the risks, sometimes significantly.

Some topics we will cover:

  • making sure the dependencies you use are the ones you expect
  • using checksums and signatures
  • rejecting vulnerable dependencies
  • build reproducibility
  • disposable build environments and mitigating performance issues related to them
  • testing external contributions

We will mostly illustrate those with Gradle but most of the recommendations are also valid with Apache Maven.

Apache Maven
