Does Apigee provide any assurance around security vulnerabilities in OSS or 3rd-party libraries used


Does Apigee provide any assurance around security vulnerabilities in OSS or 3rd-party libraries used in Apigee Edge?

For example, tools such as OWASP Dependency Check or https://snyk.io/

2 REPLIES

It is very common to build tools like this into your Continuous Integration pipeline. For example, adding a Maven build step to use Snyk to check the versions of node_modules that you are using in your proxy, and failing if there are any issues.

Or are you referring to the open source components such as nginx, qpid and zookeeper?

Thanks Sean, yes, we would certainly use such tools to check any dependencies when developing our own proxies and backends, but I'm referring to the Apigee product itself, so the components you mention and any other libraries which Apigee Edge has been built with.