Mapping the Minefield of Open Source Software Risks | Kyle Kelly | Conf42 DevOps 2024
Read the abstract ➤ https://www.conf42.com/DevOps_2024_Kyle_Kelly_minefield_opensource_software
Other sessions at this event ➤ https://www.conf42.com/devops2024
Join Discord ➤ https://discord.gg/DnyHgrC7jC

Chapters
0:00 intro
0:38 preamble
0:47 about kyle
1:16 agenda
1:38 software dependencies
2:05 open source software (oss)
3:48 oss vulnerabilities
7:14 an uncomfortable prioritization exercise
8:10 semgrep supply chain (ssc)
9:40 software composition analysis (sca)
11:34 one of a few ways: reachability
13:30 now what? remediation
14:23 easy wins with semantic versioning (semver)
16:01 manifest file (dependency versions)
17:37 example
18:31 transitive vulnerabilities
20:49 key takeaways
21:48 resources