Tuesday Oct 4
13:50 – 14:40
Cinema 1 (First floor)

Using Graph Database Technology to Resolve Transitive Vulnerabilities at Scale







Fixing vulnerabilities in your open source dependencies may seem easy enough at a glance: just update, right? Wait! The vulnerability was introduced by an indirect dependency, so how can I update that? Updating transitive dependencies can be a tricky challenge: you need to find a suitable update that doesn’t break your dependency tree or bring about too many breaking changes. It turns out that this is a stellar challenge for Neo4j and its Graph Database and Algorithms.

In this talk, the speaker will go into detail about how a full graph of all open source interdependence was created, and how it can be used to accurately resolve vulnerabilities in the complex tree structures that are the reality of modern software development. No more dependency confusion!