@GossiTheDog How is that related to DevOps though? Secure development lifecycle is the responsibility of the developer who decides to integrate the 3rd party component, not the team who makes it scale up. Or am I missing something?!
@GossiTheDog Still, isn't the vulnerability introduced by using a 3rd party component at the source level? My understanding is that the choice of these is up to software developers, and not DevOps...
@GossiTheDog This might be a very dumb question, but why on earth are randos allowed to push shit into the project without any review system in place whatsoever? I feel like some extremely basic setting changes would prevent this from happening?
@GossiTheDog That seems like both a gross misunderstanding of what DevOps is, and a fault entirely caused by whoever set up said software repository. I learned how to avoid this shit within a few months of my first year as a dev student; anyone who's responsible for an open-source repo and doesn't know that is obviously unfit 😂