
Fresh SLSA and GUAC starts with knowing your ingredients

Tens of millions of new open source code repos, and millions of new open source packages, are created every year. The number of dependencies that any individual package has is increasing as well. How do you keep track of these packages? How do you know if they’re safe? How do you know if their dependencies are safe? This problem grows more complex as transitive dependency chains deepen.

Learn the risks of packages and the transparency you should be looking for in the packages you use, to understand how to de-risk your use of open source packages and better understand their transitive supply chain. Also learn how you can use open source tools, services, specifications, and best practices like GUAC, SLSA, OSV, SBOMs, S2C2F, deps.dev, Scorecard, and others to track and apply this understanding and make better-informed decisions about the software you ingest and depend on.

Michael Lieberman

Co-founder and CTO of Kusari
