"Update can't be left". Dependency management in CI/CD

If you want to build a CI/CD process for a large project, you will inevitably face the problem of dependency management. In a real project, there are a lot of dependencies for which updates are constantly being released. You can't avoid updating often (vulnerabilities, critical bugs), but each change can introduce new defects. Sisyphean toil, right?

In this talk Oleg will cover the tools available to developers for controlling and managing dependencies. We will talk about bots that update dependencies automatically (Dependabot) and how to prevent dependency hell using Maven tools (Maven Enforcer Plugin, etc.) and Bill of Materials. After that, we will combine all components into a single pipeline.

Oleg Nenashev

Engineer at CloudBees, core team member in the Jenkins project. Since 2008 he has worked in the areas of automation, infrastructure, and frameworks for mixed software-hardware projects, with the help of Jenkins and dozens of other tools. Oleg writes code, maintains Jenkins core and plugins, and organizes meetups and other community events.