Dependency tracking is hard
Summary
The post argues that tracking curl/libcurl as a dependency is inherently difficult because they are not distributed through any language package ecosystem, so SBOM generators and vulnerability scanners that build their picture from package-manager manifests simply miss them. It uses OS packaging and GitHub's dependency view as examples of that visibility gap, and calls for dependency tracking that looks beyond standard package managers, at what a build or binary actually links against.
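One way to see the gap the post describes, as an added example that is not code from the original post or from the curl project: a small scanner that reads DT_NEEDED entries directly out of ELF binaries and compares them with a package manifest. A manifest-based SBOM for a Python project lists "requests" and "urllib3"; the binary-level view shows "libcurl.so.4" (the SONAME libcurl has shipped under for years, which is the one real-world assumption here). The ELF image is a constructed fixture built in the block itself so that it runs offline; names such as `unlisted_in_manifest` and the manifest contents are illustrative, not from any real tool.

```python
"""Find native libraries a binary links against that no package manifest mentions."""
import struct
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
SHT_STRTAB, SHT_DYNAMIC = 3, 6
DT_NULL, DT_NEEDED = 0, 1
SHDR_FMT = "<IIQQQQIIQQ"       # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize
EHDR_FMT = "<16sHHIQQQIHHHHHH"  # Elf64_Ehdr, 64 bytes


def needed_libraries(blob: bytes) -> list[str]:
    """Return the DT_NEEDED names of a little-endian ELF64 image, or [] if it is not one."""
    if len(blob) < 64 or blob[:4] != ELF_MAGIC or blob[4] != 2 or blob[5] != 1:
        return []
    e_shoff = struct.unpack_from("<Q", blob, 40)[0]
    e_shentsize, e_shnum = struct.unpack_from("<HH", blob, 58)
    sections = [struct.unpack_from(SHDR_FMT, blob, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    needed = []
    for sh in sections:
        sh_type, sh_offset, sh_size, sh_link = sh[1], sh[4], sh[5], sh[6]
        if sh_type != SHT_DYNAMIC:
            continue
        str_off = sections[sh_link][4]          # sh_link points at the .dynstr section
        for pos in range(sh_offset, sh_offset + sh_size, 16):
            d_tag, d_val = struct.unpack_from("<qQ", blob, pos)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_NEEDED:
                start = str_off + d_val
                needed.append(blob[start:blob.index(b"\0", start)].decode())
    return needed


def soname_to_package(soname: str) -> str:
    """'libcurl.so.4' -> 'curl', the name a manifest would plausibly use."""
    base = soname.split(".so")[0]
    return base[3:] if base.startswith("lib") else base


def unlisted_in_manifest(blob: bytes, manifest_deps: set[str]) -> list[str]:
    """Linked libraries whose package name appears nowhere in the manifest."""
    listed = {d.lower() for d in manifest_deps}
    return [n for n in needed_libraries(blob) if soname_to_package(n).lower() not in listed]


def scan_tree(root: str, manifest_deps: set[str]) -> dict[str, list[str]]:
    """Walk a directory (e.g. a container image layer) and report unlisted native deps per file."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = unlisted_in_manifest(path.read_bytes(), manifest_deps)
            if hits:
                findings[str(path)] = hits
    return findings


def build_elf_with_needed(libs: list[str]) -> bytes:
    """Constructed fixture: a minimal ELF64 with only a .dynstr and a .dynamic section."""
    dynstr, offsets = b"\0", {}
    for name in libs:
        offsets[name] = len(dynstr)
        dynstr += name.encode() + b"\0"
    dynamic = b"".join(struct.pack("<qQ", DT_NEEDED, offsets[n]) for n in libs)
    dynamic += struct.pack("<qQ", DT_NULL, 0)
    dynstr_off = 64
    dynamic_off = dynstr_off + len(dynstr)
    shoff = dynamic_off + len(dynamic)

    def shdr(sh_type, off, size, link, entsize):
        return struct.pack(SHDR_FMT, 0, sh_type, 0, 0, off, size, link, 0, 1, entsize)

    shdrs = (shdr(0, 0, 0, 0, 0)
             + shdr(SHT_STRTAB, dynstr_off, len(dynstr), 0, 0)
             + shdr(SHT_DYNAMIC, dynamic_off, len(dynamic), 1, 16))
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELFCLASS64, little-endian, EV_CURRENT
    ehdr = struct.pack(EHDR_FMT, e_ident, 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    return ehdr + dynstr + dynamic + shdrs


if __name__ == "__main__":
    # Constructed scenario: a Python service whose manifest never mentions curl,
    # but whose bundled helper binary links libcurl.
    manifest = {"requests", "urllib3"}
    image = build_elf_with_needed(["libcurl.so.4", "libssl.so.3", "libc.so.6"])
    print("linked:", needed_libraries(image))
    print("missing from manifest:", unlisted_in_manifest(image, manifest))
```

Run `scan_tree` over an unpacked image or deployment directory to get the same report for real binaries; the fixture builder exists only so the example is self-checking without touching the filesystem. The name-matching in `soname_to_package` is deliberately crude, which is itself part of the point: a SONAME and a package name are different identifier spaces, and a scanner has to bridge them explicitly before it can say whether libcurl is "known".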