dependency-management
Safeguard articles tagged "dependency-management" — guides, analysis, and best practices for software supply chain and application security.
129 articles
Spring Boot Security and Dependency Management
Securing Spring Boot applications with dependency management BOMs, vulnerability scanning, and hardened configurations.
GitHub Dependabot and the State of Automated Dependency Security
Dependabot has become the default for dependency updates, but its limitations highlight why automated scanning alone isn't enough for supply chain security.
The Hidden Risk of Abandoned Open Source Projects
Abandoned open source projects do not disappear. They continue to be installed, depended upon, and deployed in production. They just stop getting security patches.
Spotify's Dependency Management at Scale
Inside Spotify's approach to managing thousands of dependencies across hundreds of microservices, balancing developer autonomy with supply chain security.
Dependabot vs Renovate: Which Dependency Update Bot Should You Use?
A practical guide comparing Dependabot and Renovate for automated dependency updates, covering configuration flexibility, ecosystem support, and team workflows.
Package Lock Files and Their Security Implications
Lock files are your first line of defense against dependency drift. This guide explains how package-lock.json, yarn.lock, and similar files protect your builds from supply chain manipulation.
Dependency Update Strategies for Large Codebases
At scale, keeping dependencies current is not a weekend chore — it is an engineering discipline. The wrong update strategy creates either a mountain of tech debt or a pipeline permanently broken by cascading upgrades.
Maven Central Supply Chain Risks: Securing the Java Ecosystem
Maven Central is the backbone of the Java ecosystem, serving billions of artifact downloads annually. Its unique trust model and dependency resolution create supply chain risks that Java teams must understand.
Equifax: The Supply Chain Angle Few Talked About
The 2017 Equifax breach is a case study in Apache Struts, inherited dependencies, and a vulnerability management process that mistook lists for action.