Pushing Left, Like a Boss — Part 5.2 - Use Safe Dependencies

By Tanya Janca (SheHacksPurple) on May 12, 2021

<rant>

Automating dependency scanning should be part of every CI/CD pipeline. You should also automate scanning of your source code repository on a regular schedule. Everyone should do this, for every project, no matter how small. It’s so easy, and such a huge win for the security of your applications, that there is no excuse not to do it.

</rant>
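One way to put both of those sentences into practice, as an added example that is not from the original post: a GitHub Actions workflow that runs `pip-audit` against the project's dependency list on every push and pull request, and again on a weekly schedule so that advisories published after the last commit still get caught. The workflow name, the `requirements.txt` path and the cron time are assumptions for a Python project; `pip-audit` exits non-zero when it finds a known vulnerability, which is what fails the job.

```yaml
# Added example: dependency scanning wired into CI/CD plus a scheduled run.
# Assumptions: Python project with its pins in requirements.txt (hypothetical path).
name: dependency-scan

on:
  push:                      # scan every change that lands in the repository
  pull_request:              # block a merge that introduces a vulnerable version
  schedule:
    - cron: "0 6 * * 1"      # and re-scan unchanged code every Monday 06:00 UTC,
                             # because the CVE list grows even when your code does not

jobs:
  audit-dependencies:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install pip-audit
        run: python -m pip install --upgrade pip pip-audit

      # pip-audit checks each pinned package against published advisories
      # and returns a non-zero exit code on any finding, so this step fails
      # the pipeline instead of merely logging a warning.
      - name: Audit pinned dependencies
        run: pip-audit -r requirements.txt
```

The scheduled trigger is the part most teams forget: a dependency that was clean at merge time can become a known-vulnerable one months later with no commit to trigger the pipeline.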

** The CVE list of vulnerabilities is not exhaustive. Many nation-states (including the one you live in), as well as criminal, terrorist, hacktivist, and other malicious groups, actors, or organizations do not report the zero days that they find (vulnerabilities that are not known to the public and for which there is no known patch), in order to keep them for use in their own nefarious activities. Just because you have scanned your third-party components for known vulnerabilities does not mean they are bulletproof. Sorry folks.

Photo: #WOCTechChat
