
CDK third-party dependencies management

Open skinny85 opened this issue 3 years ago • 2 comments

Description

The CDK depends on many third-party open-source libraries. Because of that, it needs to manage what happens when a security issue is found in one of them, and how we defend against supply chain attacks.

Roles

  • Driver (drives the proposal to completion): @skinny85
  • Approver(s): (assigned by CDK team)

skinny85 avatar May 03 '21 22:05 skinny85

What is the proposition here? Sounds interesting.

niebloomj avatar Jan 11 '22 15:01 niebloomj

I reckon this issue should raise the question about AWS funding these 3rd party tools in a business partnership model. A tool like @feross @SocketDev could really shine here, but again, a funding and license model is key.

sholtomaud avatar May 28 '22 04:05 sholtomaud

Marking this RFC as stale like the associated PR. We appreciate the effort that has gone into this proposal. Marking an RFC as stale is not a one-way door. If you have made substantial changes to the proposal, please open a new issue/RFC. You might also consider raising a PR to aws/aws-cdk directly or self-publishing to Construct Hub.

mrgrain avatar Oct 18 '23 19:10 mrgrain