Loading…
Open Source Summit + Embedded Linux Conference North America... has ended
May 18-20, 2026
Minneapolis, MN
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central DaylightTime (UTC -5). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
Is Maven Safe for Production? - Adam Kaplan, Red Hat & Manfred Moser, Chainguard
Wednesday May 20, 2026 2:10pm - 2:50pm CDT
200G (Level Two)
Apache Maven’s central role in the Java ecosystem is undeniable, however its flexible plugin framework creates significant hurdles for adopting modern secure software practices. Securing the Java software supply chain to meet CRA and other regulatory requirements can feel like a daunting, if not impossible task.

This session will dive deep into the technical complexities of producing secured Maven builds through the practical experiences of two open source redistributors. You will learn strategies for producing SLSA artifacts for Maven builds, approaches for signing Java artifacts with Sigstore Cosign, and barriers to producing complete and accurate Software Bills of Materials (SBOMs) with Maven. We will also explore newer developments in the Maven ecosystem for cataloging dependencies and establishing trust in the Maven build process. This talk will conclude with a discussion of current gaps in Maven that could be addressed with the upcoming release of Maven 4.
Speakers
avatar for Adam Kaplan

Adam Kaplan

Senior Principal Software Engineer, Red Hat
Adam Kaplan (he/him/his) is a software engineer at Red Hat, a maintainer of the Shipwright and Tekton projects, and former CD Foundation Governing Board member. He currently leads efforts to simplify hybrid cloud application development and secure Red Hat's software supply chain... Read More →
avatar for Manfred Moser

Manfred Moser

Sr Principal Dev Rel Engineer, Chainguard
Manfred Moser is a Sr Principal DevRel Engineer at Chainguard, bringing a profound focus on software supply chain security to the open source world. A dedicated community leader and published author, his technical expertise spans decades as a software engineer and advocate. He has... Read More →
Is Maven Safe for Production final pdf
Wednesday May 20, 2026 2:10pm - 2:50pm CDT
200G (Level Two)
  Packages + Images + Containers

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning App Privacy Terms
Share Modal

Share this link via

Or copy link