Design a site like this with WordPress.com
Get started

The Three Pillars of Reproducible Builds

Over the past year, software engineers have lived through the shock of infiltrated or intentionally broken NPM packages, supply chain attacks, long-unnoticed backdoors, and more. This has created a firestorm of activity around how to securely build software. Many organizations, from the Linux Foundation to the United States government, are calling for and building new practices and regulations, and one of the primary threads is around “reproducible builds.”

It’s one thing to talk about reproducible builds and how they strengthen software supply chain security, but it’s quite another to effectively configure a reproducible build. Concrete steps for specific languages are a far larger topic than can be covered in a single blog post, but today we’ll be talking about some guiding principles when designing reproducible builds.

Read more…

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: