Fixing the Dependency Confusion Vulnerability in 600 Ruby Apps (2022)

Shopify has grown significantly over the years, and our success makes us an attractive target for malicious actors. We take the safety of our merchants seriously, so we have good reason to continuously improve security at Shopify. I’ll share how the Ruby Conventions team, which focuses on creating conventions to make Ruby services sustainable, used an iterative approach to solve complex problems at scale while responding to shifting circumstances. In particular, I’ll cover how we solved the dependency confusion vulnerability in over 600 Ruby applications, developed tooling that allows us to do large-scale migrations with ease, and made the Ruby community a bit safer.

Nezir Zahirovic

Contractor Ruby On Rails (8+ years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)
