Using Graph Database Technology to Resolve Transitive Vulnerabilities at Scale
You need to be signed in to add a collection
Fixing vulnerabilities in your open source dependencies may seem easy enough at a glance, just update right? Wait! The vulnerability was introduced from an indirect dependency, how can I update that? Updating transitive dependencies can be a tricky challenge, as you don’t want to break your dependency tree and still find a suitable update that doesn’t bring about too many breaking changes. It turns out that this is a stellar challenge for Neo4j and its Graph Database and Alogrithms. In this talk, the speaker will go into detail about how a full graph of all open source interdependence was created, and how it can be used to accurately resolve vulnerabilities in the complex tree-structures that is the reality of modern software development. No more dependency confusion!
Transcript
Fixing vulnerabilities in your open source dependencies may seem easy enough at a glance, just update right? Wait! The vulnerability was introduced from an indirect dependency, how can I update that? Updating transitive dependencies can be a tricky challenge, as you don’t want to break your dependency tree and still find a suitable update that doesn’t bring about too many breaking changes. It turns out that this is a stellar challenge for Neo4j and its Graph Database and Alogrithms.
In this talk, the speaker will go into detail about how a full graph of all open source interdependence was created, and how it can be used to accurately resolve vulnerabilities in the complex tree-structures that is the reality of modern software development. No more dependency confusion!
About the speakers
Head of R&D at Debricked