This talk explains what software dependencies, manifest files, and lock files actually do and why each matters for security: the manifest declares what a project wants, the lock file records exactly what was resolved (versions, transitive dependencies, and content hashes), and the gap between the two is where supply chain risk hides. It then shows how software composition analysis (SCA) tools use these files to find and manage vulnerabilities in third-party dependencies, and offers practical strategies for securing your software supply chain.
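As an added example (not code from the talk or from Semgrep), the script below does in miniature what the abstract describes an SCA tool doing: it reads a constructed npm `package.json` and `package-lock.json` (lockfile v3 layout), checks that every declared dependency is locked to a version inside its declared range and carries an `integrity` hash, and then walks the full lock file, transitive entries included, against a constructed advisory list. The package names, versions, hashes, and the advisory entry are all invented for illustration and describe no real vulnerability; the range matcher only handles exact, caret, and tilde specs.

```python
"""Miniature manifest/lock-file audit in the style of an SCA check.

All sample data below is constructed for this example; the package names,
integrity values, and the advisory are hypothetical and not real advisories.
"""
import json
import re

# Constructed package.json: what the project *declares* it wants.
MANIFEST_JSON = """{
  "name": "example-app",
  "dependencies": {
    "left-pad-ish": "^1.3.0",
    "tiny-logger": "~2.1.0",
    "exact-util": "3.0.1"
  }
}"""

# Constructed package-lock.json (lockfileVersion 3): what was actually resolved.
# Note the transitive dependency nested under tiny-logger, which the manifest
# never mentions; only the lock file reveals it.
LOCKFILE_JSON = """{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app"},
    "node_modules/left-pad-ish": {"version": "1.3.2", "integrity": "sha512-constructedhashA=="},
    "node_modules/tiny-logger": {"version": "2.2.0", "integrity": "sha512-constructedhashB=="},
    "node_modules/tiny-logger/node_modules/old-escape": {"version": "0.9.0", "integrity": "sha512-constructedhashC=="},
    "node_modules/exact-util": {"version": "3.0.1"}
  }
}"""

# Constructed advisory list (hypothetical): versions below fixed_in are affected.
ADVISORIES = [
    {"id": "constructed-advisory-1", "package": "old-escape", "fixed_in": "1.0.0"},
]


def parse_version(text):
    """Parse a plain MAJOR.MINOR.PATCH string into a comparable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def satisfies(version, spec):
    """Return True if version is inside an npm range spec (exact, ^, or ~ only)."""
    v = parse_version(version)
    if spec.startswith("^"):
        base = parse_version(spec[1:])
        # Caret: no change to the leftmost non-zero component.
        if base[0] > 0:
            hi = (base[0] + 1, 0, 0)
        elif base[1] > 0:
            hi = (0, base[1] + 1, 0)
        else:
            hi = (0, 0, base[2] + 1)
        return base <= v < hi
    if spec.startswith("~"):
        base = parse_version(spec[1:])
        # Tilde: patch-level changes only.
        return base <= v < (base[0], base[1] + 1, 0)
    return v == parse_version(spec)


def check_lockfile(manifest, lock):
    """Compare declared dependencies with their locked entries; return findings."""
    findings = []
    packages = lock.get("packages", {})
    for name, spec in manifest.get("dependencies", {}).items():
        entry = packages.get("node_modules/" + name)
        if entry is None:
            findings.append((name, "missing from lock file"))
            continue
        version = entry["version"]
        if not satisfies(version, spec):
            findings.append((name, f"locked {version} does not satisfy {spec}"))
        if "integrity" not in entry:
            # Without a content hash the registry tarball is not actually pinned.
            findings.append((name, f"no integrity hash for {version}"))
    return findings


def vulnerable_packages(lock, advisories):
    """Match every locked package, transitive ones included, against advisories."""
    hits = []
    for key, entry in lock.get("packages", {}).items():
        if not key:
            continue  # "" is the root project entry, not a dependency
        name = key.rsplit("node_modules/", 1)[-1]
        for adv in advisories:
            if adv["package"] == name and parse_version(entry["version"]) < parse_version(adv["fixed_in"]):
                hits.append((name, entry["version"], adv["id"]))
    return hits


def audit():
    """Run both checks on the constructed sample data and return the results."""
    manifest = json.loads(MANIFEST_JSON)
    lock = json.loads(LOCKFILE_JSON)
    return check_lockfile(manifest, lock), vulnerable_packages(lock, ADVISORIES)


if __name__ == "__main__":
    drift, vulns = audit()
    for name, problem in drift:
        print(f"DRIFT  {name}: {problem}")
    for name, version, adv_id in vulns:
        print(f"VULN   {name}@{version}: {adv_id}")
```

Two of the three findings would be invisible to anyone reading only the manifest: the tilde range on `tiny-logger` is silently exceeded by what was actually locked, and the only affected package is a transitive dependency that appears nowhere in `package.json`. That is the practical reason SCA tools prefer the lock file over the manifest as their source of truth, and why a lock file entry without an integrity hash pins a version number but not the content behind it.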
Speaker Bio:
Kyle Kelly is a Security Researcher on the Supply Chain Team at Semgrep, a fast, open source static analysis tool for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. In addition to this research, Kyle is the Founder of CramHacks, a Supply Chain Security Newsletter, where he tries to convince people coffee is a supply chain risk.
Software Supply Chain 101: Understanding Dependencies