Dependency Management
Mend.io and GitHub Partner to Bring Mend Renovate Cloud to Open Source Maintainers
Mend.io expands Renovate Cloud's OSS plan for GitHub Maintainer Month 2026 ...
The Hidden Security Risks in Open-Source Dependencies Nobody Talks About
Open-source dependencies introduce hidden risks, from transitive vulnerabilities to supply chain attacks. Learn how to reduce exposure ...
Building a more secure npm ecosystem with Mend Renovate
See how Mend Renovate is strengthening npm ecosystem security ...
Automatically Update Dependencies in Maven: A Step-By-Step Guide
Learn how to automate updating Maven dependencies. Discover manual, CLI, and Renovate methods to keep your project up to date ...
Mend Renovate Enterprise Cloud: Dependency Updates at Scale
Announcing the launch of our cloud-based solution for automated dependency updates ...
Vital Signs of Software Dependencies: Understanding Package Health
Learn how package health data empowers developers to update safely and efficiently ...
Dependency Management: Protecting Your Code
Learn how to protect your application’s code with dependency management, and why automation is critical for effective dependency updates ...
‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE
Tim looks grim: 10-year-old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ...
Dependency Management vs Dependency Updates: What’s the Difference?
Keeping dependencies up to date is a big part of dependency management, but it's not everything. Learn more about the differences between the two ...
Python Developers Targeted Via Fake Crytic-Compilers Package
As per recent reports, cybersecurity experts uncovered a troubling development on the Python Package Index (PyPI) – a platform used widely by developers to find and distribute Python packages. A malicious package ...

