Linux Foundation

Capslock: Escaping Bad Dependencies

Linux Foundation via YouTube

Overview

Explore the critical topic of package security and dependency management in this 38-minute conference talk by Jess McClintock from Google at the Linux Foundation event. Dive into the concept of Capslock, a CLI tool designed to analyze Go package imports at the callpath level. Learn how restricting package permissions and capabilities can mitigate potential attack vectors, including recent incidents involving malicious code insertion through third-party libraries. Understand the importance of the principle of least privilege within the ecosystem and how increased scrutiny on dangerous capabilities can enhance overall security. Discover how Capslock's approach, inspired by mobile phone permissions systems, helps reduce false positives and prevent alert fatigue by providing more focused and accurate signals. Gain insights into the tool's functionality and its availability for Go on deps.dev, with future support planned for additional programming languages.

Syllabus

Capslock: Escaping Bad Dependencies - Jess McClintock, Google

Taught by

Linux Foundation
