
Volker Schukai

Thoughts on the software supply chain (GitLab)

I know this is a dry subject, but we have to get through it now.

The Register reported

As The Register reported, GitLab wants to delete repos.

When I read that, I thought to myself:

At first, that doesn't sound so tragic.
It should only hit repos that are no longer maintained.
And so many projects don't use GitLab.com yet.

But if you have software that relies on that code, you won't be able to build your product. And what if Microsoft (GitHub) does the same?

And of course, GitLab has the right to do this to reduce costs. But it is still hard.

But what does it mean for your software?

The software supply chain includes everything we use in the development of software. Be it images for icons or the library for calculating statistics.

Many ecosystems use repositories to distribute and manage code.

Node has npm or Yarn, PHP has Composer, and Go can load software directly or via Google.

For example, many Node projects only store the package.json and not the actual packages.

Software components often depend on platforms and systems that we cannot control.

Yes, there are some mirrors, but the resilience is not very high.

When using npm install or go get, we should consider what happens when this code is no longer available.
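
To see how exposed a Node project is, the following added example (not part of the original post) groups the entries of a package-lock.json by the host they are downloaded from and lists the ones fetched straight from a git host such as GitLab. The lockfile contents, package names and the helper names hostOf and auditLock are constructed for illustration.

```javascript
// Added example, not from the original post. All package names are constructed.
// Groups package-lock.json (lockfileVersion 2/3) entries by the host they are
// downloaded from and lists dependencies fetched straight from a git repository.

function hostOf(resolved) {
  // npm records git dependencies as "git+ssh://git@host/group/repo.git#<commit>"
  const isGit = /^git(\+|:)/.test(resolved);
  try {
    return { host: new URL(resolved.replace(/^git\+/, "")).hostname, isGit };
  } catch {
    return { host: "unparsed", isGit }; // unusual URL form: keep it visible
  }
}

function auditLock(lock) {
  const byHost = {};
  const gitDeps = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links and entries without a download URL.
    if (path === "" || entry.link || !entry.resolved) continue;
    const { host, isGit } = hostOf(entry.resolved);
    byHost[host] = (byHost[host] || 0) + 1;
    if (isGit) {
      const name = path.replace(/^.*node_modules\//, "");
      gitDeps.push({ name, host, resolved: entry.resolved });
    }
  }
  return { byHost, gitDeps };
}

// Constructed sample standing in for the parsed contents of package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-lib": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/example-lib/-/example-lib-1.3.0.tgz",
    },
    "node_modules/internal-stats": {
      version: "0.4.2",
      resolved: "git+ssh://git@gitlab.com/example-group/internal-stats.git#0123456789abcdef0123456789abcdef01234567",
    },
    "node_modules/@example/icons": {
      version: "2.0.0",
      resolved: "git+https://github.com/example/icons.git#89abcdef0123456789abcdef0123456789abcdef",
    },
  },
};

const report = auditLock(sampleLock);
console.log(report.byHost);
for (const d of report.gitDeps) console.log(`git dependency: ${d.name} from ${d.host}`);
```

Every host in the output is a place whose availability the build depends on; the git entries are the ones that disappear if the hosting platform deletes the repository.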

Let's see if GitLab follows through or backs out.

In our company, we have all external software available in source code.

Are you taking care of the software supply chain? What measures are you taking?
