Eclipse Foundation Security Training 2025 - Managing Dependency Risks

Learn to assess and manage security risks in project dependencies through this 13-minute training video from the Eclipse Foundation Security Training 2025 series. Explore real-world supply chain security threats including the XZ and Log4j incidents, and discover how these vulnerabilities impact software projects. Master the evaluation process for new dependencies using tools like the Best Practices Badge to make informed decisions about third-party code integration. Understand how to implement proactive security measures using Dependabot for automated dependency monitoring and updates. Examine security alert systems and develop skills for triaging alerts to make informed decisions about vulnerability responses. Practice automating dependency updates while maintaining project stability through version management strategies. Access practical guidance for ongoing maintenance of dependency security and utilize getting started resources and handbook links for continued learning in supply chain security management.