This week Jonathan Bennett and Dan Lynch talk with François Proulx about Poutine, the Open Source security scanner for build pipeline vulnerabilities. This class of vulnerability isn’t as well known as it should be, and it can be used to steal secrets or even to mount supply chain attacks on FLOSS projects.
This is a companion discussion topic for the original entry at https://hackaday.com/2024/05/22/floss-weekly-episode-784-ill-buy-you-a-poutine/