Know Your Dependencies: A Guide to Automating Dependency Assurance - Steve Judd, Jetstack

less than 1 minute read

Abstract

It is a truth universally acknowledged that almost every modern software component contains a selection of external dependencies whose provenance is unknown. Another truth is that no dependency should be trusted until proven trustworthy. This second truth, though, is often ignored by organisations and their engineering teams, who argue that assuring the trustworthiness of dependencies is too complex, too time-consuming and has a detrimental impact on development velocity. This talk will describe how Jetstack has worked with several clients in the financial services and defence sectors to help them develop dependency assurance mechanisms and processes that allow greater visibility and insight into the dependencies used and their impact on the clients’ risk and security postures. The audience will learn how modern tooling and practices can be used to create efficient, automated pipelines that audit dependencies for vulnerabilities and licence obligations, assess them against the organisation’s security policies and ultimately provide the ability to control which dependencies can be used and deployed within the organisation.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Know Your Dependencies: A Guide to Automating Dependency Assurance - Steve Judd, Jetstack

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google