A bit of inspiration most weekdays for exploring your mindset.

👐Know your Open-Source dependencies

Khem Raj August 05, 2025 #meta

Open-Source is everywhere. It's probably in your projects and products far more than you might think: 70 to 90% of the software stack is composed of Open-Source software. Yes, it's eye-opening. Often we are focused on the single application that differentiates the product, and it is right for that to have higher priority, since it brings the revenue. However, knowing the size of the ship on which this application is thriving is as important.

Taking account of Open-Source dependencies will reveal risks, e.g. a package that is heavily used by the application but has lost its maintainer, or old and stale versions of other Open-Source packages.

It is not just the direct dependencies, but also the indirect and transitive dependencies, that will impact the products.

Investing in creating this dependency picture will probably give quality information for creating an effective strategy around your products with respect to the Open-Source software which you do not maintain or own.