Life After Log4Shell - The Dependency Graph

A year after the Log4Shell incident, and with the focus on Software Supply Chain Security growing, we’ll walk you through our journey, detailing the incremental investments we made over the years that allowed us to remediate Log4Shell within 24 hours across our entire fleet of builds in Maps.

We’ll also share how standardizing on a common software development lifecycle through our Unified Build platform, together with integrating with Gradle Enterprise, provided the foundations for impact analysis, global remediation, and automated dependency propagation at scale when faced with security vulnerabilities in our JVM services.

Finally, we’ll look at how investments into a custom SBOM pipeline designed with build-dependency analytics in mind are paving the way toward visualizing our global dependency tree and automating the dependency update lifecycle, eliminating another common developer productivity challenge.

Thu, Sept 21
60 min
Room 2 (Gods & Monsters)
Henry Liu
Apple Maps