Edoardo Dusi, Speaker

Edoardo is a Developer Relations Engineer at SparkFabrik, a company that helps organizations build digital products with open source technologies. He has a strong background as a software developer and team leader, having worked on a variety of projects and platforms. His passion is creating and sharing content that educates and inspires other developers, such as technical talks, videos, podcasts, conferences and more. He enjoys connecting with the developer community and promoting the benefits of open source software.
  • When Dependabot is not enough - protecting our software supply chain (14:30/15:15, 08 Jun 2024)

    I bet that if you have your source code hosted on GitHub, you may have Dependabot activated to tell you when there is a vulnerability. However, do you know what those alerts mean? When will you get alerts? Are there any alternatives to Dependabot that you may also consider?

    For most projects hosted on GitHub, it is very common to use Dependabot, which has become a GitHub-native app, for dependency vulnerability alerts. However, many of us have not put much thought into when we will get those alerts and whether they are sufficient to protect our project. If they are not enough, what are our alternatives? Are there more databases out there that provide such vulnerability information, and other tools that we can use?

    By the end of the talk, the audience will understand how vulnerability reports are handled, and more attention will be put on dependency vulnerabilities. The audience will also know about other vulnerability databases and scanning tools available and will be able to make a suitable choice for their projects. By increasing awareness of supply chain security as a community, we will be able to provide safer code and software for the world.