Picking a Winner: How to Pick the Right Dependency Resolution Graph
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the complexities of dependency resolution in open-source software development through this 48-minute conference talk by Eve Martin-Jones and Josie Anugerah from Google. Delve into the challenges faced by dependency resolvers when generating valid transitive dependency graphs based on seemingly simple direct dependencies. Gain insights into how the intricacies of dependency resolution interact with features and bugs in popular package management tools like npm, Maven, Go, and PyPI. Understand the implications for open-source maintainers and consumers, including the difficulties in enforcing and predicting dependency sets. Examine the impact of these complexities on software artifact standards such as SBOM and SLSA, and learn about the broader implications for the open-source ecosystem.
Syllabus
Picking a Winner: How to Pick the Right Dependency (Resolution... - Eve Martin-Jones & Josie Anugerah
Taught by
Linux Foundation
Related Courses
- Target Rich Cyber Poor (BSidesLV via YouTube)
- The A's, B's, and Four C's of Testing Cloud-Native Applications (LASCON via YouTube)
- SBOM Challenges and How to Fix Them (BSidesLV via YouTube)
- The Case for Software Bill of Materials (BSidesLV via YouTube)
- Collaborating to Improve Open Source Security - How the Ecosystem Is Stepping Up (RSA Conference via YouTube)