In today’s software ecosystem, the inclusion of dependencies in applications is practically a given. The use of dependencies has many benefits in terms of team velocity and business value, but they also come packaged (pun intended) with risks, most notably security-related ones. It is often suggested that "shifting left" is the best method to combat security risks in dependencies such as vulnerabilities, but this only catches vulnerabilities that have already been introduced. Implementing measures and best practices to prevent them from entering applications in the first place would be a more holistic approach. It is true that not all vulnerabilities can be prevented, but the latest research shows that the vast majority of publicly disclosed vulnerabilities can be. In this presentation, you’ll learn about best practices for managing your dependencies and how to reap their benefits in your applications, without compromising on security or velocity.