
The impact of automating open source dependency management

Recently, I chatted with developers from a customer in a heavily regulated industry. They were manually updating their open source dependencies and wanted to find a better solution to save time. Keeping their dependencies up-to-date was very time-consuming but something they identified as crucial for their business.

They have since had great success in automating much of this process, which is why I wanted to share their success and help inspire others to achieve similar outcomes.

Today, development teams have a huge array of responsibilities. Once upon a time, a developer simply had to write code. But in this new open source world with so many different tools, clouds, architectures, processes, and deployment options, more is being asked of development teams than ever before.

All of this can be overwhelming, so it is no wonder that any new process or technology is met with resistance from development teams. This leads me to the next responsibility coming the developer's way: open source dependency management.

What Is Dependency Management?

Before we all started sharing open source code over the internet from repositories like Maven Central, dependency management was not such a big issue, as all the code in our applications was built in-house.

Nowadays, most development teams leverage this huge resource of open source code. Up to 90% of the code in new applications is open source. While that has allowed development teams to innovate at a very fast pace, we need to make sure that the code we didn't write is not going to cause issues down the road. If that does happen, it can be catastrophic for the development organization and the company.
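As an added example (not code from the original post or from Sonatype), here is a small Python check of the kind this automation starts with: it parses a pinned requirements manifest, compares each pin against the versions a package index reports, and classifies each available update by how disruptive it is to take automatically. The manifest and the version table are constructed inline so the script runs offline; in practice the table would come from PyPI's JSON API or an internal proxy repository, and the auto-merge policy in `plan_actions` is an assumed team policy, not a recommendation from the post.

```python
"""Added example: find outdated pins in a requirements manifest and decide
what to do with each update. Sample data is constructed, not real project data."""
import re
from dataclasses import dataclass

# Constructed sample manifest in requirements.txt pin style. The package
# names are real; the pinned versions are arbitrary.
MANIFEST = """\
# application dependencies
requests==2.25.1
urllib3==1.26.5
pyyaml==5.4
idna==3.6
"""

# Constructed stand-in for an index lookup (assumption: a real pipeline would
# query PyPI's JSON API or an internal proxy). Hard-coded so this runs offline.
AVAILABLE = {
    "requests": ["2.25.1", "2.26.0", "2.31.0"],
    "urllib3": ["1.26.5", "1.26.18", "2.0.7", "2.2.1"],
    "pyyaml": ["5.4", "5.4.1", "6.0.1"],
    "idna": ["3.4", "3.6"],
}

PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==(\d+(?:\.\d+)*)$")


def parse_version(v: str) -> tuple:
    """Numeric tuple so 1.26.18 sorts after 1.26.5 (string order gets it wrong)."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad to major.minor.patch


def parse_manifest(text: str) -> dict:
    """Map package name -> pinned version; only exact '==' pins are accepted."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = PIN_RE.match(line)
        if not m:
            raise ValueError(f"unsupported requirement line: {raw!r}")
        deps[m.group(1).lower()] = m.group(2)
    return deps


@dataclass(frozen=True)
class Update:
    name: str
    current: str
    latest: str
    bump: str  # "major", "minor" or "patch"


def bump_kind(current: str, latest: str) -> str:
    c, n = parse_version(current), parse_version(latest)
    if n[0] != c[0]:
        return "major"
    if n[1] != c[1]:
        return "minor"
    return "patch"


def find_updates(deps: dict, index: dict) -> list:
    """Return one Update per pinned package that has a newer version in the index."""
    updates = []
    for name, current in deps.items():
        versions = index.get(name)
        if not versions:
            continue  # unknown to the index: nothing to compare against
        latest = max(versions, key=parse_version)
        if parse_version(latest) > parse_version(current):
            updates.append(Update(name, current, latest, bump_kind(current, latest)))
    return updates


def plan_actions(updates: list) -> dict:
    """Assumed team policy: patch/minor bumps auto-merge once CI passes,
    major bumps are opened for human review. Adjust to your own risk appetite."""
    return {u.name: ("auto-merge" if u.bump in ("minor", "patch") else "needs-review")
            for u in updates}


if __name__ == "__main__":
    found = find_updates(parse_manifest(MANIFEST), AVAILABLE)
    actions = plan_actions(found)
    for u in found:
        print(f"{u.name}: {u.current} -> {u.latest} ({u.bump}, {actions[u.name]})")
```

The one detail worth copying from this example is the version comparison: comparing version strings as text puts `1.26.5` after `1.26.18`, which silently hides an available update, so versions are parsed into numeric tuples before comparison. The parser here only understands plain dotted numbers; for real PEP 440 versions with pre-release or post-release suffixes, use `packaging.version.Version` from the `packaging` library instead of rolling your own.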

Dependency management is important, and while I could write a whole article on why that is, the main reasons for keeping your dependencies up-to-date are to:

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog NEW 2024 authored by Jamie Coleman. Read the original post at: https://www.sonatype.com/blog/the-impact-of-automating-open-source-dependency-management