Overview
Learn how GitHub's Dependabot secures Python dependencies through advisory databases in this 18-minute conference talk from the SF Python meetup. Explore the inner workings of Dependabot's security analysis system as GitHub Security Lab analyst Jon Moroney explains how the tool collaborates with the community to maintain comprehensive security alerts. Gain insights into the maintenance and quality assurance processes of the advisory database that helps protect Python projects from vulnerabilities. Discover the mechanisms behind dependency alerts and understand how GitHub ensures users receive accurate and timely security notifications for their Python dependencies.
Syllabus
Jon Moroney - How Dependabot Applies Advisory Databases to Python - SF Python @GitHub (2023-11-15)
Taught by
SF Python