Modern applications pull in many third-party dependencies (libraries, packages) that may carry security vulnerabilities or be outright malicious. Managing dependency security (scanning them against advisory databases, keeping them updated, and vetting new ones before adoption) matters because vulnerable dependencies are a common attack vector (OWASP).
Risk: dependencies are part of your attack surface
Apps depend on MANY third-party packages, plus their transitive dependencies (the packages your packages depend on), which are usually far more numerous than the ones you chose directly:
→ a vulnerability in ANY dependency, direct or transitive, is a vulnerability in YOUR app, because it runs with your app's privileges
→ "Using Components with Known Vulnerabilities" is an OWASP Top 10 risk (A9 in the 2017 list; renamed "Vulnerable and Outdated Components", A06, in 2021)
→ MALICIOUS packages (typosquatting of popular names, dependency confusion between internal and public registries, compromised maintainer accounts or build pipelines) are supply chain attacks: the code was hostile from the moment you installed it
→ you're trusting and running a lot of code you didn't write, and most of it you never read.
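The two concerns above (known-vulnerable versions and look-alike malicious names) are what a scanner checks on every install. The following is an added example, not code from the original page or from any real tool: a minimal offline scan over a pinned requirements file. The lockfile, the advisory feed and the "popular packages" list are constructed sample data embedded inline (the advisory IDs and version ranges are placeholders, not real advisories); a real scanner would fetch OSV or PyPI advisory data instead. It refuses unpinned requirements, flags any pinned version that falls inside an advisory's affected range, and flags package names within edit distance 1 of a well-known package.

```python
import re

# Constructed sample lockfile (pip requirements.txt with == pins). Not from a real project.
SAMPLE_REQUIREMENTS = """\
# direct dependencies
requests==2.19.1
PyYAML==6.0.1
# transitive pin resolved by the lock tool
urllib3==1.24.1
# one character away from a popular package: a typosquat candidate
requets==2.31.0
"""

# Constructed advisory feed: name -> affected ranges [introduced, fixed).
# IDs and ranges are placeholders for illustration; real data comes from OSV / PyPI advisories.
ADVISORIES = {
    "requests": [{"id": "EXAMPLE-ADV-1", "introduced": "0", "fixed": "2.20.0"}],
    "urllib3": [{"id": "EXAMPLE-ADV-2", "introduced": "1.24.0", "fixed": "1.24.2"}],
    "pyyaml": [{"id": "EXAMPLE-ADV-3", "introduced": "0", "fixed": "5.4"}],
}

# Constructed list of well-known package names used as typosquat targets.
POPULAR = {"requests", "urllib3", "pyyaml", "numpy", "django", "flask"}

# Exact pins only: "name==version", optional trailing comment.
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)\s*(?:#.*)?$")


def normalize(name):
    """PEP 503 normalization so PyYAML, pyyaml and PyYaml compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return {normalized_name: version}; reject anything that is not an exact pin."""
    deps = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = REQ_RE.match(line)
        if not m:
            # An unpinned range resolves differently on every install and cannot be scanned.
            raise ValueError(f"unpinned or unsupported requirement: {line!r}")
        deps[normalize(m.group(1))] = m.group(2)
    return deps


def version_key(version):
    """Numeric tuple for comparison. Deliberately simple: no pre-release / local-label handling."""
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))


def find_vulnerable(deps, advisories=ADVISORIES):
    """Return (name, version, advisory_id, fixed_in) for every pin inside an affected range."""
    findings = []
    for name, version in deps.items():
        for adv in advisories.get(name, []):
            if version_key(adv["introduced"]) <= version_key(version) < version_key(adv["fixed"]):
                findings.append((name, version, adv["id"], adv["fixed"]))
    return findings


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-keystroke typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(deps, popular=POPULAR, max_distance=1):
    """Return (suspicious_name, looks_like) for names near, but not equal to, a popular package."""
    flagged = []
    for name in deps:
        if name in popular:
            continue
        for known in sorted(popular):
            if edit_distance(name, known) <= max_distance:
                flagged.append((name, known))
    return flagged


def scan(text):
    deps = parse_requirements(text)
    return {"vulnerable": find_vulnerable(deps), "typosquats": typosquat_candidates(deps)}


if __name__ == "__main__":
    result = scan(SAMPLE_REQUIREMENTS)
    for name, version, adv_id, fixed in result["vulnerable"]:
        print(f"VULNERABLE {name}=={version}: {adv_id}, fixed in {fixed}")
    for name, known in result["typosquats"]:
        print(f"SUSPICIOUS {name}: one edit away from {known}")
```

Two design points carry over to real tooling: scanning is only meaningful on a lockfile with exact pins (hence the hard failure on ranges), and name comparison must use the registry's own normalization, otherwise `PyYAML` and `pyyaml` look like different packages and an advisory is silently missed.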
