EclipseCon - Eclipse Foundation

Taking dependency management to the next level with call graphs!

Session details
Status: Accepted
Speaker(s): Antoine Mottier (OW2)
Experience level: Beginner
Tags: dependency management, package manager, security, floss, graph
Session Track: All Things Quality
Session Type: Standard

The software you are building probably has several direct dependencies, plus a further set of transitive dependencies.
Keeping all dependencies under control is key to ensuring your application's security, quality, and more.
Today, some tools help you manage your dependencies, and they are great, but they also have an important limitation: they lack accuracy.

In this talk I will cover how the FASTEN project aims to give more accurate dependency insight by evolving existing dependency managers (such as Maven, Pip, etc.) to leverage function call graphs built across a whole ecosystem (e.g. Maven Central).
You will learn how this can reduce false positives in reports that recommend dependency updates, and how it can detect issues at build time rather than at runtime.
So if you are overwhelmed by constant notifications related to dependency upgrades, deprecation, etc., join me to find a solution!

More details about the project: the FASTEN project is open source (Apache License 2.0) and funded by the European Commission as part of the Horizon 2020 program. It involved various universities, companies and non-profit organizations. The source code is available from https://github.com/fasten-project/. Some technical documentation is available in the GitHub wiki: https://github.com/fasten-project/fasten/wiki. More information about the project can be found on the project website: https://www.fasten-project.eu/. The goal of the project is not to replace the currently available tooling that deals with dependency management, but rather to improve it by doing low-level analysis of dependencies (and of the relations between dependencies).
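The accuracy gap described above, as an added example that is not FASTEN code and does not use its API: a package-level check flags every advisory in a transitive dependency, while a function-level call graph shows which vulnerable functions the application can actually reach. The package names, call graph and advisory IDs are constructed for illustration.

```python
from collections import deque

# Constructed package-level dependency graph (what a manifest-based tool sees).
PACKAGE_DEPS = {"app": ["web-lib", "json-lib"], "web-lib": ["xml-lib"],
                "json-lib": [], "xml-lib": []}

# Constructed function-level call graph; nodes are "package:function".
CALL_GRAPH = {
    "app:main": ["web-lib:serve", "json-lib:dumps"],
    "web-lib:serve": ["web-lib:route"],
    "web-lib:import_config": ["xml-lib:parse_external"],  # never called by app
    "json-lib:dumps": ["json-lib:encode"],
}

# Constructed advisories (placeholder IDs) mapped to the vulnerable function.
ADVISORIES = {"ADV-EXAMPLE-1": "xml-lib:parse_external", "ADV-EXAMPLE-2": "json-lib:encode"}

def reach(graph, starts):
    """Breadth-first search; returns {node: predecessor} for reachable nodes."""
    parent = {s: None for s in starts}
    queue = deque(starts)
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return parent

def call_path(parent, target):
    """Rebuild the entry-point-to-target path from the predecessor map."""
    path = []
    while target is not None:
        path.append(target)
        target = parent[target]
    return path[::-1]

def triage(entry_points, root_package="app"):
    """Compare the package-level verdict with function-level reachability."""
    packages = reach(PACKAGE_DEPS, [root_package])
    functions = reach(CALL_GRAPH, entry_points)
    report = {}
    for adv_id, vulnerable_fn in ADVISORIES.items():
        path = call_path(functions, vulnerable_fn) if vulnerable_fn in functions else None
        report[adv_id] = {"package_level_alert": vulnerable_fn.split(":")[0] in packages,
                          "call_path": path}
    return report

if __name__ == "__main__":
    print(triage(["app:main"]))
```

Static call graphs can miss reflective or dynamically dispatched calls, so an advisory with no call path is a lower-priority finding rather than proof that the code is unaffected.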

Slides (External URL): https://docs.google.com/presentation/d/1jo_jVgoeslA3oKGa3v9SKJhbtjmNTarSHsR1BXZ1…
Objective of the presentation: Share knowledge regarding the limitations of currently available dependency management tools and highlight how an actively developed open source project can improve the current situation. Give insights on the project's development, the challenges faced, and the lessons learned.
Attendee pre-requisites: Basic understanding of dependency management.

Schedule info
Time: 27 Oct 2021 - 16:50 to 27 Oct 2021 - 17:20
Room: Room 2

Comments

More information about FASTEN project

Submitted by Angelika Wittek on Mon, 2021-06-21 08:48

Hi Antoine,

can you please provide some more information about the FASTEN project? Is it open source, where can it be found?

Thanks
Angelika


Re: More information about FASTEN project

Submitted by Antoine Mottier on Wed, 2021-06-23 06:13

Hi Angelika,

I updated the description with more information about the project and links to relevant resources.

EclipseCon is brought to you by The Eclipse Foundation with the support of our sponsors.