Reference

Quick-access resources for when you need to look something up.

At 3 AM

Reference sections exist for the moments when you've forgotten something important and need the answer now. I've needed everything in here at some point—usually at 3 AM during an incident. Bookmark the pages. Print the checklists. Future you will be grateful.

What's Here

  • Checklists
    Actionable checklists for common tasks: evaluating dependencies, updates, container security, releases.

  • Tools
    Reference guide to tools for dependency analysis, SBOM generation, vulnerability scanning, and reproducibility.

  • Glossary
    Definitions of terms used throughout this guide. Common terms also appear as tooltips.

  • Further Reading
    Books, standards, frameworks, and organizations for deeper exploration.

  • Sources
    Bibliography of citations referenced throughout the guide.

When You Need to Evaluate a Dependency

  1. Check the New Dependency Checklist
  2. Review Evaluating Dependencies for the framework
  3. Use Tools: Dependency Analysis for inspection

When You Need to Respond to a Vulnerability

  1. Check if you're affected using your SBOM (see SBOM chapter)
  2. Follow the Vulnerability Response Workflow
  3. Update using the Dependency Update Checklist

When You're Starting a New Project

  1. Review The Build Environment
  2. Set up dependency management (Versioning and Lock Files)
  3. Configure vulnerability scanning (Security Practices)
  4. Consider ecosystem-specific guidance in Appendices