What lurks beneath the surface of the modern codebase? Often, the answer is thousands of unvetted and potentially insecure open source dependencies. Come on our journey of creating scalable tooling and processes to automatically identify vulnerabilities in these packages and handle the question of “ok we found this, who’s going to fix it?” We will share lessons learned and thoughts on how our experience can help your security org tackle this common problem.