
Defusing package hallucination risk through dependency health checks

Published: Sep 27, 2023

NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.

Sep 2023: Assess

Securing the software supply chain has become a common concern for delivery teams, which is reflected in the growing number of tools and techniques in this space, some of which we have covered in previous Radars. The increasingly widespread use of GenAI-based tools in software development has also introduced a new software supply chain attack vector: package hallucination. We believe teams that use GenAI tools during development need to take this class of risk seriously. Teams can defuse package hallucination risk through dependency health checks: before choosing a dependency, look at its creation date, download count, number of GitHub comments and stars, number of contributors, activity history and so on. Some dependency health checks can be performed on the package repository and on GitHub, and tools such as deps.dev and Snyk Advisor can also help. Although dependency health is not a new technique, the practice is gaining new attention as teams increasingly experiment with GenAI tools in their software development process.
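The following is an added example, not code from the Radar or from deps.dev or Snyk: it turns the health signals listed above into a simple gate that a team could run over a GenAI-suggested dependency before adding it. The registry entries, package names and thresholds are constructed assumptions; a real check would populate `PackageMeta` from the package repository or deps.dev.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date


@dataclass
class PackageMeta:
    """Health signals for one package. Field names are assumptions, not a real registry schema."""
    name: str
    created: date
    last_release: date
    monthly_downloads: int
    stars: int
    contributors: int


# Constructed sample "registry index" standing in for a deps.dev / package-repository lookup.
# The numbers are illustrative, not real statistics; "fastjsonparse" is a made-up name.
SAMPLE_REGISTRY = {
    "requests": PackageMeta("requests", date(2011, 2, 14), date(2023, 5, 22), 300_000_000, 50_000, 700),
    "fastjsonparse": PackageMeta("fastjsonparse", date(2023, 9, 1), date(2023, 9, 1), 40, 0, 1),
}


def health_findings(meta: PackageMeta, today: date) -> list[str]:
    """Return the health signals that look weak. Thresholds are assumptions a team would tune."""
    findings = []
    if (today - meta.created).days < 90:
        findings.append("created less than 90 days ago")
    if meta.monthly_downloads < 1_000:
        findings.append("fewer than 1,000 downloads in the last month")
    if meta.stars < 10:
        findings.append("fewer than 10 GitHub stars")
    if meta.contributors < 2:
        findings.append("single contributor")
    if (today - meta.last_release).days > 730:
        findings.append("no release in the last two years")
    return findings


def check_dependency(name: str, registry: dict[str, PackageMeta], today: date) -> tuple[str, list[str]]:
    """Gate a suggested dependency: a name missing from the registry is the hallucination case itself;
    an existing package with several weak signals is rejected, one or two weak signals go to review."""
    meta = registry.get(name)
    if meta is None:
        return "REJECT", [f"package '{name}' does not exist in the registry (possible hallucination)"]
    findings = health_findings(meta, today)
    if len(findings) >= 3:
        return "REJECT", findings
    return ("REVIEW" if findings else "OK"), findings
```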
