The importance of understanding and assuring the trustworthiness of external dependencies in software applications
- Modern software components contain a selection of external dependencies whose provenance is unknown
- Assuring the trustworthiness of dependencies is often ignored by organizations and their engineering teams
- Efficient, automated pipelines can be used to audit dependencies for vulnerabilities and license obligations, assess them against the organization’s security policies, and ultimately provide the ability to control which dependencies can be used and deployed within the organization