This presentation was recorded at GOTO Copenhagen 2022. #GOTOcon #GOTOcph http://gotocph.com

Emil Wåreus - Head of R&D at Debricked @debrickedab

ORIGINAL TALK TITLE
Using Graph Database Technology to Resolve Transitive Vulnerabilities at Scale

RESOURCES
https://twitter.com/emil_wareus
https://github.com/emilwareus
https://linkedin.com/in/emilwareus

ABSTRACT
Fixing vulnerabilities in your open source dependencies may seem easy enough at a glance: just update, right? Wait! The vulnerability was introduced by an indirect dependency, so how can you update that? Updating transitive dependencies can be a tricky challenge, as you don't want to break your dependency tree and still need to find a suitable update that doesn't bring too many breaking changes. It turns out that this is a stellar challenge for Neo4j and its Graph Database and Algorithms. In this talk, the speaker goes into detail about how a full graph of all open source interdependence was created, and how it can be used to accurately resolve vulnerabilities in the complex tree structures that are the reality of modern software development. No more dependency confusion! [...]

TIMECODES
00:00 Intro
01:19 What is open source security?
04:37 The tree of open source
05:59 Transitive vulnerabilities
11:01 Solution: Update the root
12:35 How different ecosystems work
12:48 Python
14:44 Java
16:27 JavaScript
18:08 Go
20:17 How we solve the problem
22:36 Neo4j demo
38:43 Outro

Read the full abstract here: https://gotocph.com/2022/sessions/2203

RECOMMENDED BOOKS
Jim Webber • Graph Databases • https://amzn.to/3l7k8hj
Free eBook version at https://graphdatabases.com
Nicki Watt & Aleksa Vukotic • Neo4j in Action • https://amzn.to/3oPmq8o
Mike Amundsen • Design and Build Great Web APIs • https://bookshop.org/a/9452/9781680506808
Kasun Indrasiri & Danesh Kuruppu • gRPC: Up and Running • https://amzn.to/3sBGBJJ

https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.facebook.com/GOTOConferences

#GraphDatabase #Security #GraphDB #Transitive #Neo4j #Python #Pypi #SoftwareEngineering #Programming #SoftwareDevelopment #EmilWareus #Debricked

Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech
Sign up for updates and specials at https://gotopia.tech/newsletter

SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
https://www.youtube.com/user/GotoConferences/?sub_confirmation=1