Considering that npm and NuGet didn't exist before 2010, using public libraries as building blocks of custom software has become common practice in a very short time. This shouldn't surprise anyone, since the productivity gains of using public libraries are very attractive. However, with the good often comes the bad.
A key downside of using these public libraries in custom software is introducing unknown vulnerable components into the end product. The more public packages used, the larger the opportunity to introduce vulnerable points into software.
That's why Inedo is ecstatic to be partnering with Vör Security. The partnership between Inedo and Vör Security allows ProGet users to integrate vulnerability scanning as part of their package management, ensuring that compromised components aren't used in software development.
In this webinar, Ken covers just how common vulnerabilities are, how to use Vör Security and ProGet together to ensure your components are free of known vulnerabilities, and how to assess them quickly when they are found. He follows up with a Q&A session to answer questions raised during the demo.
This webinar is for anyone who is interested in managing vulnerabilities within their Universal Package Manager, with a mind for DevOps best practices.
Ken Duck is CEO and founder of Vör Security, whose open source tools scan your packaging software or platform products and cross-reference them against various vulnerability databases. This keeps you up to date with any known security issues in your software's building blocks.