Detecting GitHub Repository Vulnerabilities with Graph Databases


Details
About the talk
When the Log4j vulnerability CVE-2021-44228 exposed many Java servers to possible exploitation, companies and engineers looked for a way to check whether their software was exposed to it.
We can represent our software structure as a graph of dependencies and detect which components are exposed to CVE security issues. Dependencies on other repositories, libraries, and projects increase the complexity of this analysis, but they can be represented and visualized using graph technology.
About the speaker
Goran Cvijanović has 20+ years of experience in information technology, with 15+ years in database systems integration, migration, and tuning. He is an Oracle and Microsoft database specialist and has worked on open source database technology selection, deployment, integration, and optimization.
He implements and tunes database clusters for top performance. Scaling and optimizing to gain more performance from databases like ScyllaDB and ClickHouse is what he loves to do. He always has a couple of tricks up his sleeve to make his solutions even better. He designs a modern Big Data BI system for operational and management support of the company's core business.
Goran noticed that graph databases could improve his solutions, so he used a graph database cluster to speed up querying over 50 billion nodes and 400 billion relationships in the dataset.
Language
The plan is to hold the presentation in Croatian, but if there are attendees who don't speak Croatian, Goran will switch to English.