JuliaCon 2026

Tracking active security advisories (like CVEs) is a critical requirement for many orgs to use and deploy code... but it can't work without the advisories themselves! The new SecurityAdvisories.jl database enables exactly that for Julia packages and their upstream artifacts (like JLLs). Building such a system in a manner that is both sustainable and manageable for thousands of packages is not trivial; I'll be discussing key factors in how it works and how package maintainers and users alike can make use of it.