Dependency Pinning
Dependency pinning locks each dependency to an exact version, typically recorded in a lock file (package-lock.json, Pipfile.lock, go.sum), so that every build resolves the same set of packages and is reproducible. Pinning prevents unexpected version changes, such as a newly published release being pulled in automatically, that could introduce vulnerabilities or break functionality.
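A practical check for the npm case, as an added example that is not part of the original page: the audit below reads a package-lock.json (assuming the lockfileVersion 2 or 3 layout with a top-level "packages" map) and reports entries that are not fully pinned, either because they lack an exact version or because they lack the integrity hash that npm uses to verify a fetched tarball against what was locked. The sample lock file, package names and hash value are constructed for the demonstration.

```python
import json
import re

# Constructed sample package-lock.json (lockfileVersion 3 layout): one properly
# pinned entry, one with no integrity hash, one with no exact version.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-AAAA...EXAMPLE",  # constructed placeholder hash
        },
        "node_modules/no-hash": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/no-hash/-/no-hash-2.0.0.tgz",
        },
        "node_modules/no-version": {
            "resolved": "https://example.invalid/no-version.tgz",
        },
    },
})

# Exact semver: MAJOR.MINOR.PATCH with an optional pre-release/build suffix.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def audit_package_lock(lock_text):
    """Return a sorted list of (package_path, problem) for lock entries that are
    not fully pinned: no exact version, or no integrity hash for the tarball."""
    lock = json.loads(lock_text)
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project entry carries version ranges by design
        if not EXACT_VERSION.match(entry.get("version", "")):
            findings.append((path, "no exact version"))
        if not entry.get("integrity", "").startswith(("sha512-", "sha256-", "sha1-")):
            findings.append((path, "no integrity hash"))
    return sorted(findings)


if __name__ == "__main__":
    for path, problem in audit_package_lock(SAMPLE_LOCK):
        print(f"{path}: {problem}")
```

Run against a real lock file by passing its contents to audit_package_lock; an empty result means every installed package is locked to an exact version with a verifiable hash.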