Dependency Management

Introduction

Effective dependency management is essential to maintaining secure and compliant software. It means controlling which dependencies are packaged into your software, ensuring each of them complies with its licensing requirements, and using only software with approved licenses. Concretely, this control covers:

  • Control over which dependencies are included in your software

  • Compliance with the licensing requirements of every dependency

  • Use of software only under approved licenses

  • All kinds of dependencies: Docker base images, third-party libraries, and other source code

Implementation of this control

During the build process, dependencies such as Docker base images, third-party libraries, and other source code components are recorded as part of the software bill of materials (SBOM) while maintaining binary provenance. These dependencies are defined and tracked in the source code at the application level and, where applicable, at the Docker image level.
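The following is an added illustration, not code from the original page or from any particular project, of how a build step can record both image-level and application-level dependencies as SBOM components with a provenance pin and check them against an approved-license allowlist. The Dockerfile, requirements file, license map and allowlist are constructed sample data; in a real build the licenses would come from the package index or image registry.

```python
from dataclasses import dataclass, asdict

# Constructed sample inputs: a digest-pinned base image and pinned libraries.
DOCKERFILE = "FROM python:3.12-slim@sha256:0123abcd\nRUN pip install -r requirements.txt\n"
REQUIREMENTS = "requests==2.32.3\nleft-pad-ish==1.0.0\n"
# Constructed license map standing in for what a registry / package index reports.
LICENSE_MAP = {"python:3.12-slim": "PSF-2.0", "requests": "Apache-2.0", "left-pad-ish": "AGPL-3.0"}
APPROVED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause", "PSF-2.0"}  # constructed allowlist

@dataclass
class Component:
    kind: str        # "container" (Docker image level) or "library" (application level)
    name: str
    version: str
    provenance: str  # image digest or exact version pin recorded at build time
    license: str

def parse_dockerfile(text):
    """Record every FROM line; a missing digest means the base image is not reproducible."""
    comps = []
    for line in text.splitlines():
        if line.startswith("FROM "):
            image, _, digest = line.split()[1].partition("@")
            name, _, tag = image.partition(":")
            comps.append(Component("container", name, tag or "latest", digest or "UNPINNED",
                                   LICENSE_MAP.get(image, "UNKNOWN")))
    return comps

def parse_requirements(text):
    """Record each library; an unpinned spec cannot provide stable provenance."""
    comps = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, version = line.partition("==")
        comps.append(Component("library", name, version or "UNPINNED", line if sep else "UNPINNED",
                               LICENSE_MAP.get(name, "UNKNOWN")))
    return comps

def build_sbom(dockerfile, requirements):
    """Combine image-level and application-level dependencies into one SBOM record."""
    return [asdict(c) for c in parse_dockerfile(dockerfile) + parse_requirements(requirements)]

def license_violations(sbom, approved=APPROVED_LICENSES):
    """Components whose license is not on the allowlist; an unknown license is a violation."""
    return [c["name"] for c in sbom if c["license"] not in approved]

def unpinned(sbom):
    """Components recorded without a digest or exact pin, i.e. without binary provenance."""
    return [c["name"] for c in sbom if c["provenance"] == "UNPINNED"]
```

Failing the build on a non-empty `license_violations` or `unpinned` list is what turns the recorded SBOM into an enforced control.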
