Modern software has dependencies – lots of dependencies, especially when including the transitive ones. Most of those dependencies are open source and are available via public package repositories.
Any of those dependencies may contain vulnerabilities, be compromised through a supply chain attack, or carry an unwanted license.
All of this can change with any new version. In this session we will look at different techniques and tools (Renovate, syft, etc.) for choosing and managing dependencies and see how you can prevent these different types of security issues.