Dependency Management

Going beyond metadata: Why we need static analysis when prioritizing vulnerabilities

Package-manager plugins make recommendations to developers primarily by analyzing the build manifests in a project. This metadata analysis is typically insufficient for deciding quickly whether a project is affected by a security or performance bug. Hundreds of hours go into testing and manual code review to determine whether a project is affected.
