François Proulx -- Actionable Software Supply Chain Security

The Application Security Podcast - A podcast by Chris Romeo and Robert Hurlbut - Tuesdays

Software supply chain -- how deep does the problem go? François is here to help us realize how deep the rabbit hole of the supply chain is and enlighten us with strategies to get out of the hole. François emphasizes the importance of branch protection in source code repositories as the cornerstone of any supply chain, highlighting the need for peer review and static code analysis before merging. He also discusses the concept of tag protection, which prevents anyone with rewrite access to the r...