Finding issues that matter in open source dependencies and fixing them without developer friction

Date: Tuesday, December 12 at 11am PT / 2pm ET

Software dependency scanners are generally very noisy and surface issues that are not always required to be fixed. This ends up slowing down the development process as fixing these issues usually involves breaking changes. This session aims to explore reachability analysis as the solution for prioritizing essential vulnerability fixes in open source dependencies. We'll demonstrate methods to promptly identify and address these issues within the developer workflow, ensuring swift resolution without impeding development progress.

Register now!

About the presenters:

Kyle Kelly, Security Researcher, Supply Chain Team at Semgrep

Kyle Kelly is a Security Researcher on the Supply Chain Team at Semgrep, a fast, open source static analysis tool for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. In addition, Kyle is the Founder of CramHacks, a Supply Chain Security Newsletter, where he tries to convince people coffee is a supply chain risk.

Duration: 1 hour

Your e-mail address is used to communicate with you about your registration, related products and services, and offers from select vendors. Refer to our Privacy Policy for additional information.