Moderne apps bruger mange third-party dependencies (libraries, packages), som kan indeholde vulnerabilities eller være ondsindet. Håndtering af dependency sikkerhed — scanning, opdatering og evaluering af dem — er vigtig, da vulnerable dependencies er en almindelig angrebsvektor (OWASP).
Risikoen: dependencies er en del af dit angrebsflade
Apps depend on MANY third-party packages (and their transitive dependencies):
→ a vulnerability in ANY dependency is a vulnerability in YOUR app
→ "using components with known vulnerabilities" is an OWASP Top 10 risk
→ MALICIOUS packages (typosquatting, compromised packages) — supply chain attacks
→ you're trusting/running a lot of code you didn't write.
