You chose...wisely. Making informed open source package decisions

You chose...wisely. Making informed open source package decisions

Description:

Software development is increasingly about composition. Modern developers are able to stand on the shoulders of giants, using a wealth of open source libraries to build software quickly and delightfully. Gone are the days when you needed to delve into the lowest levels of the machine to get anything done.

More and more open source packages are released every day on npm, PyPI, Maven Central and other central repositories. New versions of libraries are released hourly. We're seeing new open source and open source-like licenses be proposed and see early adoption.Attackers are finding ways of using the open source toolchain to scale attacks. How do you choose the best library when considering sustainability, security and compliance as well as functionality?

In this talk we'll understand why package health is important and how Snyk can help you to make sustainable library choices and minimize future maintenance like:

€¢ Making sure you consider open source license implications as part of development€¢ Considering the security history, maintenance history and other projects attributes€¢ Automating dependency management to keep versions up-to-date

Speakers:

Daniel Berman

, Snyk

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon