Wednesday, April 6, 2022 PDT
Wednesday, April 6, 2022 PDT
in  
Agile & DevOps
You Chose...Wisely: Making Informed Open Source Package Decisions - SnykCon

Software development is increasingly about composition. Modern developers are able to stand on the shoulders of giants, using a wealth of open source libraries to build software quickly and delightfully. More and more open source packages are released every day on npm, PyPI, Maven Central and other central repositories. New versions of libraries are released hourly. However, attackers are finding ways of using the open source toolchain to scale attacks. How do you choose the best library when considering sustainability, security and compliance as well as functionality? In this talk we’ll understand why package health is important and how you can help make sustainable library choices and minimize future maintenance like: • Making sure you consider open source license implications as part of development • Considering the security history, maintenance history and other projects attributes • Automating dependency management to keep versions up-to-date

22 - Session Type
Sponsored
Team Type
IT
Solution
DevOps
Deployment Method
N/A
22 - Session theme
Agile & DevOps
Duration
27:48

You Chose...Wisely: Making Informed Open Source Package Decisions - SnykCon

Software development is increasingly about composition. Modern developers are able to stand on the shoulders of giants, using a wealth of open source libraries to build software quickly and delightfully. More and more open source packages are released every day on npm, PyPI, Maven Central and other central repositories. New versions of libraries are released hourly. However, attackers are finding ways of using the open source toolchain to scale attacks. How do you choose the best library when considering sustainability, security and compliance as well as functionality? In this talk we’ll understand why package health is important and how you can help make sustainable library choices and minimize future maintenance like: • Making sure you consider open source license implications as part of development • Considering the security history, maintenance history and other projects attributes • Automating dependency management to keep versions up-to-date

You Chose...Wisely: Making Informed Open Source Package Decisions - SnykCon sessions