Open-source software (OSS) has transformed the way we build software, for the better. It’s designed for reusability, transparency, ease and allows you to incorporate components into your own applications as dependencies. Most of the companies and applications we rely on today, are only made possible because of OSS.
But, the power of OSS did not come without also introducing significant risk. Open-source projects have vulnerabilities. In fact, last year 51% of JavaScript packages downloaded had a known vulnerability and 12.1% of Java packages had a known vulnerability. Or, they could be maliciously attacked by bad actors, compromising any applications that depend on those projects. Dependencies hosted in public repositories can disappear, breaking your builds. Complexity can obscure the true surface area of your application, making it difficult to spot security holes in your apps. The list goes on.
The good news – all of the risks can be prevented with responsible building practices. In this session learn:
- How to pick a trusted source for OSS components, and why it’s so important
- How to get started with free tools to begin checking for issues in components
- How responsible building can actually improve the speed and reliability of your build pipeline
- How automating your OSS security can help take 25 days of manual work, down to 5 minutes