Add dependency slide #36

pintergreg · Nov 17, 2024 · a32beb6 · a32beb6
1 parent ca95388
commit a32beb6
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/lectures/16_automatization.md b/lectures/16_automatization.md
@@ -560,7 +560,7 @@ just decrease the work by automatizing trivial tasks
     - Apple's "goto fail" issue is officially called CVE-2014-1266
 - GitHub [Dependabot](https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide)
     - uses package manager
-    - e.g., cargo (Rust), npm (JS), nuget (C#), maven (Java), pip (Python)
+    - e.g., cargo (Rust), npm (JS), nuget (C#), maven (Java), poetry (Python)
     - checks dependencies for vulnerabilities
 
 :::::::::
@@ -602,6 +602,23 @@ GitLab also has a similar solution
 :::
 
 
+## dependencies
+
+:::::::::::: {.columns}
+::::::::: {.column width="60%" .mt-4}
+- choose carefully the software packages / components your software will depend on
+- use well maintained software modules
+- unmaintained modules have potential vulnerabilities
+- aim for loose coupling regarding the dependency
+    - makes it easier to replace if needed
+:::::::::
+::::::::: {.column width="40%"}
+![[Dependency](https://xkcd.com/2347/) by Randall Munroe | [CC&nbsp;BY-NC&nbsp;2.5](https://creativecommons.org/licenses/by-nc/2.5/)](figures/borrowed/xkcd/dependency_2x.png){width=350}
+
+:::::::::
+::::::::::::
+
+
 # interruption
 
 :::::::::::: {.columns}

diff --git a/lectures/figures/borrowed/xkcd/dependency_2x.png b/lectures/figures/borrowed/xkcd/dependency_2x.png