Using GraphDB Technology to Resolve Transitive Vulnerabilities at Scale • Emil Wareus • GOTO 2022

Published: 09 May 2023
on channel: GOTO Conferences

This presentation was recorded at GOTO Copenhagen 2022. #GOTOcon #GOTOcph
http://gotocph.com

Emil Wåreus - Head of R&D at Debricked @debrickedab

ORIGINAL TALK TITLE
Using Graph Database Technology to Resolve Transitive Vulnerabilities at Scale

RESOURCES
https://github.com/emilwareus

ABSTRACT
Fixing vulnerabilities in your open source dependencies may seem easy enough at a glance: just update, right? Wait! The vulnerability was introduced by an indirect dependency; how can I update that? Updating transitive dependencies can be a tricky challenge, as you don't want to break your dependency tree while still finding a suitable update that doesn't bring about too many breaking changes. It turns out that this is a stellar challenge for Neo4j and its graph database and algorithms.

In this talk, the speaker goes into detail about how a full graph of all open source interdependencies was created, and how it can be used to accurately resolve vulnerabilities in the complex tree structures that are the reality of modern software development. No more dependency confusion! [...]

TIMECODES
00:00 Intro
01:19 What is open source security?
04:37 The tree of open source
05:59 Transitive vulnerabilities
11:01 Solution: Update the root
12:35 How different ecosystems work
12:48 Python
14:44 Java
16:27 JavaScript
18:08 Go
20:17 How we solve the problem
22:36 Neo4j demo
38:43 Outro

Read the full abstract here:
https://gotocph.com/2022/sessions/2203

RECOMMENDED BOOKS
Jim Webber • Graph Databases • https://amzn.to/3l7k8hj
Free eBook version at https://graphdatabases.com
Nicki Watt & Aleksa Vukotic • Neo4j in Action • https://amzn.to/3oPmq8o
Mike Amundsen • Design and Build Great Web APIs • https://bookshop.org/a/9452/978168050...
Kasun Indrasiri & Danesh Kuruppu • gRPC: Up and Running • https://amzn.to/3sBGBJJ

#GraphDatabase #Security #GraphDB #Transitive #Neo4j #Python #Pypi #SoftwareEngineering #Programming #SoftwareDevelopment #EmilWareus #Debricked

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech
Sign up for updates and specials at https://gotopia.tech/newsletter

SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
https://www.youtube.com/user/GotoConf...
