This 11-minute Linux Foundation talk explores practical programs for optimizing dependency management at scale, using Salesforce's Bazel-built monorepo as a case study. Discover effective strategies including implementing single version policies with exceptions, setting up multi-point vulnerability scanning systems, identifying prohibited licenses, detecting outdated libraries and duplicate classes, establishing preemptive library blocking mechanisms, and determining when vendoring becomes necessary. Speaker Peter Laird shares real-world insights that can help organizations better manage their dependencies in large-scale development environments.
Related Courses
-
Finding the Exact Version of External Dependencies
-
How Uber Manages Go Dependencies with Bzlmod
-
Monorepo Madness - Dependencies, License Compliance, and Automation
-
How to Automate Target Dependencies in BUILD Files with Gazelle - Stripe's Approach
-
Trials and Tribulations of Updating Dependencies for Vulnerability Remediation
-
Managing Vulnerabilities in Open-Source Dependencies
