Questions tagged [dependency-management]

13 questions
14 votes, 2 answers

Does `npm audit` add any value when using `dependabot`?

Context: There are multiple ways to scan projects for vulnerabilities. Dependabot can be configured to check repositories for issues, and automatically submits pull requests to resolve them. NPM Audit will scan the packages used in an NPM solution for…

JohnLBevan
12 votes, 1 answer

What is recommended to document an IT technology stack, including their relationship to one another, in a graph database?

Working for a large company with over 500 IT staff and over 1,000 servers, with each server running its own business applications, we have a tremendous information and co-ordination challenge in knowing which IT staff member to contact for which…
7 votes, 2 answers

Constructing Dependencies from a Pillar in Saltstack

I'm trying to create a dummy state in Salt to pull dependencies from a list derived from a pillar. In my top.sls file, I have: base: '*': - components. Then, in components.sls, I have: {% if 'components' in pillar.items() %} include: {% for…

Michael Mol
6 votes, 1 answer

Build Design - Docker vs Fedora's Mock

This post is migrated from a reddit post. Parts in bold are to adapt it to SE's format. I'm talking with companies to help streamline/combine their build process. They must do it together and their current processes are scary. We've convinced…

scott
5 votes, 2 answers

How to manage Free and Open Source Software dependencies?

We exist in an increasingly complex ecosystem of Free and Open Source Software, FOSS, and its dependencies. Having done a bit of analysis on one medium-size project, there are over 1,500 dependent software packages, not counting different versions…

Richard Slater
4 votes, 1 answer

Using requisite injection to order states

Given three states, /root/a, /root/b and /root/c, I want /root/c to execute before /root/b, and /root/b to execute before /root/a. Given a Salt SLS file salt://ordertest/init.sls: /root/a: file.managed: - source: salt://ordertest/a - user:…

Michael Mol
3 votes, 2 answers

Mitigating Maven Central risks as seen from the DevSecOps perspective

AFAIK there are two official primary repositories for Maven packages (Java language): search.maven.org, offered by Sonatype Inc., and mvnrepository.com, offered by a private person, @frodriguez. Now obviously it makes sense to have a complete archive for…

Ta Mu
3 votes, 1 answer

Why do companies use JFrog Artifactory or other repositories instead of Maven central repository?

I have usually seen that when someone uses Maven on a company network to download dependencies, the user is redirected to JFrog Artifactory or another repository, instead of downloading dependencies from the official Maven Central Repository. What's the…
2 votes, 1 answer

What package managers are supported on Microsoft hosted agents with CMake enabled?

Here, I can read that it is possible to set up a CMake build on a Microsoft hosted vsts agent. What C++ package managers (e.g. Conan) are supported for these agents? It would be great if at least one of these package managers is supported:…

Daan
1 vote, 1 answer

Best practices for managing Github actions + workflows in an organization?

In my organization, we have more than a hundred repos. Most of them use their own workflows, but also reusable workflows that are located in a designated repo, which also holds all of our self-made composite actions. The thing is, it is getting hard…
1 vote, 1 answer

Cannot understand Jenkins deployment error

I am new to Jenkins, and I am trying to make a deployment to a remote server, but I am getting the following error: Current dependency:com.vmd positionWatchLoader latest.integration :: loading settings :: file =…

rainman
0 votes, 0 answers

Ever since I updated Docker, my Dependency-Track instance abends on startup

My team runs a local Docker instance on one of its scratch PCs, and for the last year and a half, I've been using it to do SBOM analysis using Dependency-Track. Last week, I successfully ran an analysis and captured it for my team. Then I noticed a…
0 votes, 0 answers

How can I ensure Helm doesn't install a dependency twice?

If I have a chart, say ChartA, that has a dependency on ChartB, I want to only install ChartB if it hasn't been installed already. Why? Let's say I run 2 copies of ChartA, and they both need a special server in ChartB, but that server is meant to be…

stix