
GitHub Checkout | Dependabot


From software composition reports, we know that most applications rely on dozens or even hundreds of open source dependencies. Sometimes, adding a single library to your manifest file can pull in a massive dependency tree. How can we make sure that we stay on top of any known vulnerabilities and update our dependency versions as needed?

In this video, Maya Kaczorowski and Sasha Rosenbaum discuss how Dependabot works behind the scenes to help you identify and remediate known vulnerabilities, and show us a demo of the feature.