# Chapter 1: Why Dependency Management is a thing? (use better words)
* Describe the history of dependency management in Terraform and Golang. (Terragrunt, dep, etc)
* Describe breaches that occurred due to poor patch management and version update protocols.
* Relate that back to the risk of breaches in Terraform code.
# Chapter 2: How to manage dependencies?
* Semantic versioning overview
* Version constraints
  * What are the constraint operators?
    - Boolean satisfiability problem. re: sat solvers
* Lock files
  * Why do we need them?
  * What do they look like?
* Dependency metadata and distribution
  * The state of Terraform private registries.
  * Provide an overview of the remote service discovery process.
# Chapter 3: The easy button
* Dependabot configuration
  * Demo example configuration on a private Terraform registry.
  * Demo example configuration on a Go mod project.
* Provide an overview of the log output page and how to see what's happening.
# Final thoughts
* Describe how the community can contribute:
  * Describe useful info to provide in defect reports. (emphasize public reproductions of defects)
  * Describe SECURITY.md and how maintainer security advisories work.