Software Supply Chain with Barak Schoster

The software supply chain consists of packages, imports, dependencies, containers, and APIs. These different components each have unique security risks. To ensure the security of their software supply chain, many developers use tools to analyze and scan their infrastructure for vulnerabilities.

Barak Schoster works at Bridgecrew, a DevSecOps cloud security platform. He joins the show to talk about the risks of the modern software supply chain and what his company does to alleviate them.

 


Transcript

Transcript provided by We Edit Podcasts.


