You Chose...Wisely: Making Informed Open Source Package Decisions - SnykCon
Software development is increasingly about composition. Modern developers can stand on the shoulders of giants, using a wealth of open source libraries to build software quickly and enjoyably. More open source packages are released every day on npm, PyPI, Maven Central and other central repositories, and new versions of libraries appear hourly. However, attackers are finding ways to use the open source toolchain to scale their attacks.

How do you choose the best library when considering sustainability, security and compliance as well as functionality? In this talk we'll look at why package health matters and how you can make sustainable library choices that minimize future maintenance by:

• Making sure you consider open source license implications as part of development
• Considering the security history, maintenance history and other project attributes
• Automating dependency management to keep versions up to date