How do you convince yourself to adopt the latest and greatest third-party tools when you are responsible for processing over $100 billion? In this talk we will explain how we developed a workflow that lets us use the latest node packages while still guarding against the danger they can introduce.
Description

Adyen is risk averse by the very nature of the business it is in, hence the concern about introducing a third-party package or service into our ecosystem. Since we cannot just sit on the sidelines and avoid new tools, we developed a workflow that shields us from the mayhem caused by rogue packages while not keeping our developers devoid of the good and shiny tools. This talk will cover the following major topics:

- Why we are risk averse by nature: a peek into the business we are in and why we need to take certain measures to stay compliant.
- How we made the transition on our front-end stack to use npm packages on the client side.
- How, while our in-house secure dependency management tool, Skantek (which can be plugged into npm audit and tools like Snyk), was still a work in progress, we leveraged orchestration to continue building future features for our product using npm packages.
- What our current workflow looks like and what we are doing to improve it.
- Details about Skantek, including what we care about when scanning packages, how our internal registry is set up, what happens when we find a rogue or zombie package, and what we are working on to improve it.
Dushyant is a Full Stack Developer at Adyen who loves all things Web Development and Finance. Twitter: https://twitter.com/dushcodes Blog: https://medium.com/@dushyantsabharwal