
Chapter 1: Why is Dependency Management a thing? (use better words)

  • Describe the history of dependency management in Terraform and Golang (Terragrunt, dep, etc.).
  • Describe breaches that occurred due to poor patch management and version update protocols.
    • Relate that back to the risk of breaches in Terraform code.

Chapter 2: How to manage dependencies?

  • Semantic versioning overview
    • Version constraints
    • What are the constraint operators?
    • Boolean satisfiability problem (re: SAT solvers)
  • Lock files
    • Why do we need them?
    • What do they look like?
  • Dependency metadata and distribution
    • The state of Terraform private registries.
    • Provide an overview of the remote service discovery process.

Chapter 3: The easy button

  • Dependabot configuration
    • Demo example configuration on a private Terraform registry.
    • Demo example configuration on a Go mod project.
  • Provide an overview of the log output page and how to see what’s happening.

Final thoughts

  • Describe how the community can contribute:
    • Describe useful info to provide in defect reports. (emphasize public reproductions of defects)
    • Describe SECURITY.md and how maintainer security advisories work.