As recent events, such as the leftpad incident and the Equifax data breach, have demonstrated, dependencies on networks of external libraries can introduce projects to significant operational and compliance risks as well as difficult to assess security implications. FASTEN introduces fine-grained, method-level, tracking of dependencies on top of existing dependency management networks. In our talk, we will present how FASTEN works on top of the Rust/Cargo and Java/Maven ecosystems.
Software dependencies are a hot topic in today's open source ecosystems and of critical interest for developers. This talk will provide valuable content to open source developers and maintainers, who regularly face this kind of issues.