We all love scaffolders like Spring Boot Initializr. It creates a brand new app with all the latest versions of the libraries we need to get going, enabling us to build awesome applications quickly. But after creating our initial application, who is responsible for the dependency management, and what happens over time when new features get added? How can we make sure this large proportion of our application gets the attention and testing needed to ensure we deliver and maintain a secure and functional application? In this session, we look at the best practices for building a proper dependency management strategy: how to pick your application dependencies, keep them up to date, and clean out manifest files with tons of dependencies. And maybe even more important, what are the consequences of not being on top of this?
Developer Advocate for Snyk and Software Engineer with over 10 years of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. Brian is an Oracle Groundbreaker Ambassador, Utrecht JUG Co-lead, Virtual JUG organizer and Co-lead at MyDevSecOps. He is a regular international speaker at mostly Java-related conferences like JavaOne, Oracle Code One, Devoxx BE, Devoxx UK, Jfokus, JavaZone and many more. Besides all that, Brian is a military reservist for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.