Using GraphDB Technology to Resolve Transitive Vulnerabilities at Scale • Emil Wareus • GOTO 2022

This presentation was recorded at GOTO Copenhagen 2022. #GOTOcon #GOTOcph

Emil Wåreus - Head of R&D at Debricked @debrickedab

ORIGINAL TALK TITLE
Using Graph Database Technology to Resolve Transitive Vulnerabilities at Scale

ABSTRACT
Fixing vulnerabilities in your open source dependencies may seem easy enough at a glance: just update, right? Wait! The vulnerability was introduced by an indirect dependency; how can I update that? Updating transitive dependencies can be a tricky challenge, as you don't want to break your dependency tree and still need to find a suitable update that doesn't bring about too many breaking changes. It turns out that this is a stellar challenge for Neo4j and its graph database and algorithms. In this talk, the speaker will go into detail about how a full graph of all open source interdependencies was created, and how it can be used to accurately resolve vulnerabilities in the complex tree structures that are the reality of modern software development. No more dependency confusion! [...]

TIMECODES
00:00 Intro
01:19 What is open source security?
04:37 The tree of open source
05:59 Transitive vulnerabilities
11:01 Solution: Update the root
12:35 How different ecosystems work
12:48 Python
14:44 Java
16:27 JavaScript
18:08 Go
20:17 How we solve the problem
22:36 Neo4j demo
38:43 Outro

RECOMMENDED BOOKS
Jim Webber • Graph Databases (free eBook version available)
Nicki Watt & Aleksa Vukotic • Neo4j in Action
Mike Amundsen • Design and Build Great Web APIs
Kasun Indrasiri & Danesh Kuruppu • gRPC: Up and Running

#GraphDatabase #Security #GraphDB #Transitive #Neo4j #Python #Pypi #SoftwareEngineering #Programming #SoftwareDevelopment #EmilWareus #Debricked
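The "update the root" idea from the timecodes, as an added Python example that is not code from the talk or from Debricked's tooling: a small in-memory dependency registry (constructed, with hypothetical package names and versions) stands in for the Neo4j graph, the code finds which direct dependencies of a project pull in a vulnerable transitive release, and for each such root it picks the lowest newer version whose own subtree no longer reaches the vulnerable package.

```python
# Constructed sample registry (hypothetical package names and versions, not from the talk):
# (package, version) -> the (package, version) pairs that release depends on.
REGISTRY = {
    ("my-app", "0.1"): [("web-framework", "1.0"), ("http-client", "2.0")],
    ("web-framework", "1.0"): [("template-engine", "3.0"), ("yaml-parser", "5.1")],
    ("web-framework", "1.1"): [("template-engine", "3.0"), ("yaml-parser", "5.1")],
    ("web-framework", "2.0"): [("template-engine", "3.1"), ("yaml-parser", "5.4")],
    ("http-client", "2.0"): [("yaml-parser", "5.4")],
    ("template-engine", "3.0"): [], ("template-engine", "3.1"): [],
    ("yaml-parser", "5.1"): [], ("yaml-parser", "5.4"): [],
}
# Constructed: the transitive release we pretend carries a known vulnerability.
VULNERABLE = ("yaml-parser", "5.1")


def version_key(version):
    """Turn '1.10' into (1, 10) so versions sort numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def paths_to(registry, start, target):
    """Every dependency path start -> ... -> target (depth-first, cycle-safe)."""
    found, stack = [], [(start, [start])]
    while stack:
        node, path = stack.pop()
        if node == target:
            found.append(path)
            continue
        for dep in registry.get(node, []):
            if dep not in path:  # skip cycles
                stack.append((dep, path + [dep]))
    return found


def roots_to_update(registry, project, vulnerable):
    """Direct dependencies of `project` through which `vulnerable` is reachable:
    the roots a developer can actually bump in their own manifest."""
    return sorted({path[1] for path in paths_to(registry, project, vulnerable) if len(path) > 1})


def smallest_safe_upgrade(registry, root, vulnerable):
    """Lowest newer version of `root` whose subtree no longer reaches `vulnerable`,
    i.e. the fix with the smallest version jump and so usually the fewest breaking changes."""
    name, current = root
    newer = sorted((v for (n, v) in registry if n == name and version_key(v) > version_key(current)),
                   key=version_key)
    for version in newer:
        if not paths_to(registry, (name, version), vulnerable):
            return (name, version)
    return None  # no released version of this root avoids the vulnerable package
```

Calling `roots_to_update(REGISTRY, ("my-app", "0.1"), VULNERABLE)` names `web-framework 1.0` as the root to bump, and `smallest_safe_upgrade` then skips `1.1` (still pulls the bad release) and proposes `2.0`.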