Managing dependencies isn’t just best practice, it is an essential ongoing process. Implement these strategies in your projects to stay ahead of potential issues and ensure your software remains reliable, secure and up to date.
The Practicalities of Open Sourcing
If you’re contemplating the daring act of open sourcing your projects, here are some things to know before you set out.
Checkmarx Report Details Havoc Caused by ‘Everything’ Package on NPM Registry
A Checkmarx report details an ‘Everything’ package distributed via the NPM registry that cripples any machine used to download it.
The Case For an API-First SCM
Somewhere around a decade ago, about the time DevOps really started to manifest, we began seeing technology companies—including some of the largest ones today—investing heavily in their APIs. API-first companies managed to rapidly gain widespread adoption because of the benefits of being API-driven. Everything from automation and scalability to flexibility, performance, speed and monetization. Once […]
Report: Most IT Teams Can’t Fix Open Source Software Security
Lineaje, a provider of a platform for securing software supply chains, today published an analysis of 41,989 open source components embedded in the top 44 popular projects managed by the Apache Software Foundation (ASF). That analysis found more than a quarter (26%) of vulnerabilities are not patchable by the application development team that deployed them. […]
Running Serverless in Production: 7 Best Practices for DevOps
Serverless in production refers to the deployment and use of serverless architecture in a live, production environment. In this context, serverless refers to a cloud computing paradigm where the cloud provider manages the infrastructure and allocates resources as needed to run and scale applications and services. In a serverless production environment, applications and services are […]
Massive Number of Transitive Dependencies Traced to Open Source Code
An analysis of nearly 2,000 software packages published by Endor Labs found 95% of all application vulnerabilities can be traced back to a transitive dependency created when a developer used an open source component. The study, conducted by the Station 9 research arm of Endor Labs, a provider of a platform for identifying software dependencies, […]
Why App Dependency Mapping Is Critical for Cloud Migration
Software dependencies are a crucial part of efficient, component-based programming. At the same time, they can be a hurdle for fast-paced agile development teams, because they can make it more difficult to deploy, update and migrate software applications. Many applications have dozens or hundreds of dependencies, each with its own transitive dependencies, making the problem […]
Common Hidden Dependencies and How to Uncover Them
It’s no secret that a truly Agile approach minimizes the risk organizations assume with waterfall or other traditional project management methods, by letting teams iterate and inspect and adapt as they go. But many companies lack clear visibility into real-time dependencies at the team level—even with daily standups, iteration and release planning, and a regular […]
ADDI Addresses the Problem of Dependency Management
Want to know what a bad day looks like? Imagine you’re a developer working your way up the career ladder. One day your manager comes by your cube to tell you that you’ve been assigned to implement a critical, new feature in the company’s premier application. You’re elated. At last you get to show off […]










