Third-Party Libraries
Third-party software is regularly integrated into custom code to easily add features and increase the speed to take a product to market. This practice comes at the risk of including unwanted or insecure libraries into the storefront code. Even SiteGenesis and SFRA include a number of third-party libraries. When incorporated into your custom code, they require close monitoring for potential issues and vulnerabilities.
To help prevent including potentially unwanted or vulnerable libraries in your storefront, follow these guidelines.
- Keep an inventory of required libraries for the correct operation of your storefront.
- Discard unnecessary libraries from your code base.
- Obtain third-party software from trusted, secure sources.
- Keep track of the specific version of each library you use.
- Review the libraries for known weaknesses regularly, and upgrade to secure and supported versions of those libraries.