Most of the "dependency hell" tools out there (npm, maven) also have integrated checks that warn you, or there are plugins to update dependencies. Even if your team wants to stay fixed to a certain version, make the pipeline display big fat warnings if there is an update available. Insist that they immediately apply this update and push to prod.
Notices by Simon Michalke (simon_m@infosec.exchange)
Simon Michalke (simon_m@infosec.exchange)'s status on Friday, 24-Jan-2025 19:13:24 JST Simon Michalke
It is a bad buzzword, but "zero trust" in its original form does make sense. Isolate the services enough from each other to avoid spreading if one of them gets pwned.
Also, being picky about what kind of software you use is really helpful. I always annoy my colleagues with: "Always use the latest major version automatically. What? You do not trust this software not to break on minor upgrades? Then we should not use it in the first place."
Stuff breaking on automatic upgrades is my favorite indicator for broken software that should be avoided.
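An added example, not part of the original notices, of the pipeline check the two posts above describe: it takes the JSON that `npm outdated --json` prints (a map of package name to `current`/`wanted`/`latest`/`location`, which is the real field layout), classifies each pending update as major, minor or patch with a small semver comparison, and renders loud warnings with the major bumps first. The package names and versions in the sample are constructed; the script reads real output from stdin when something is piped into it.

```python
"""Classify pending dependency updates from `npm outdated --json` output and emit CI warnings."""
import json
import re
import sys
from typing import Dict, List, Optional, Tuple

# Constructed sample shaped like `npm outdated --json`; names and versions are made up.
SAMPLE_OUTDATED_JSON = """{
  "lodash":   {"current": "4.17.20", "wanted": "4.17.21", "latest": "4.17.21", "location": "node_modules/lodash"},
  "express":  {"current": "4.18.2",  "wanted": "4.18.2",  "latest": "5.1.0",   "location": "node_modules/express"},
  "chalk":    {"current": "5.3.0",   "wanted": "5.3.0",   "latest": "5.3.0",   "location": "node_modules/chalk"},
  "left-pad": {"current": "1.2.0",   "wanted": "1.3.0",   "latest": "1.3.0",   "location": "node_modules/left-pad"},
  "oddball":  {"current": "2.0.0-beta.1", "wanted": "2.0.0-beta.1", "latest": "2.0.0", "location": "node_modules/oddball"}
}"""

# Plain MAJOR.MINOR.PATCH only; prerelease/build suffixes are deliberately not parsed here.
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

Update = Tuple[str, str, str]  # (package, current, latest)


def parse_semver(version: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) or None when the string is not plain semver."""
    m = SEMVER.match(version)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def bump_kind(current: str, latest: str) -> str:
    """Classify the jump from `current` to `latest`: major, minor, patch, none or unknown."""
    cur, lat = parse_semver(current), parse_semver(latest)
    if cur is None or lat is None:
        return "unknown"  # e.g. a prerelease tag; flag it for a human rather than guess
    if lat <= cur:
        return "none"
    if lat[0] != cur[0]:
        return "major"
    if lat[1] != cur[1]:
        return "minor"
    return "patch"


def classify_outdated(outdated_json: str) -> Dict[str, List[Update]]:
    """Group every package with a pending update by the kind of version bump."""
    groups: Dict[str, List[Update]] = {"major": [], "minor": [], "patch": [], "unknown": []}
    data = json.loads(outdated_json) if outdated_json.strip() else {}
    for name in sorted(data):
        entry = data[name]
        current, latest = entry.get("current", ""), entry.get("latest", "")
        kind = bump_kind(current, latest)
        if kind == "none":
            continue  # already on the newest release, nothing to report
        groups[kind].append((name, current, latest))
    return groups


def render_warnings(groups: Dict[str, List[Update]]) -> List[str]:
    """Build the 'big fat warning' lines, loudest (major) first."""
    lines: List[str] = []
    for kind in ("major", "minor", "patch", "unknown"):
        for name, current, latest in groups[kind]:
            marker = "!!! MAJOR UPDATE AVAILABLE !!!" if kind == "major" else f"{kind} update available"
            lines.append(f"[{marker}] {name}: {current} -> {latest}")
    return lines


def main() -> None:
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTDATED_JSON
    warnings = render_warnings(classify_outdated(raw))
    for line in warnings:
        print(line)
    print(f"{len(warnings)} pending dependency update(s)")


if __name__ == "__main__":
    main()
```

In a real pipeline this would be `npm outdated --json | python check_updates.py` (the script name is made up); `npm outdated` itself exits non-zero when anything is outdated, so the warning step should not be gated on its exit status. The "unknown" bucket is there so a prerelease or otherwise odd version string is surfaced instead of silently dropped.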
Simon Michalke (simon_m@infosec.exchange)'s status on Saturday, 13-May-2023 07:20:23 JST Simon Michalke
R.I.P. weeaboo.space