GMT/-5 : Security of Go Modules and Vulnerability Scanning
Details
This online event is scheduled for July 9 at 5:30PM US Pacific Time (7:30PM US Central)
Speaker: Deep Datta (@DeepDattax) from JFrog
Presentation: Security of Go Modules and Vulnerability Scanning in GoCenter and VSCode
When a developer creates a new module or a new version of an existing module in Go 1.13, a go.sum file included in the module creates a list of SHA-256 hashes that are unique to that module version. That go.sum file is then sent to Google’s official checksum database, where it is stored and used to verify that modules haven’t been tampered with when they are later accessed through a GOPROXY. This helps keep package integrity intact. In this talk, Deep will go over the behavior of the checksum database, how it protects Go modules, and how JFrog is building new tools to keep modules safe in VSCode.
Speaker Bio:
Deep Datta is a Product Manager with JFrog, managing GoCenter - The Central Go Modules Repository. He loves encouraging diversity in tech and has a passion for helping people join open source communities. Before JFrog, he helped build and manage open source programs at Indeed and Benetech.org. Outside of work, Deep likes to travel the world, go to live music events, learn Golang, and find beautiful places to go hiking.
