My team is looking to use Akka Streams, and the Alpakka Kafka connector in particular, for the first time within our organization. And my PM is asking now if this open-source software has gone through any sort of security assessment. He mentioned AppScan. I’m not sure how applicable that is. For me, the tooling that comes to mind is Black Duck’s offerings.
I responded to my PM that another org within our company is already using Akka Streams and Alpakka in production (and on a much larger scale than we plan to), so our manager asking him this question should check with them.
How else might I respond to him? Considering that these libraries are commercially supported by Lightbend, surely there are Lightbend customers who have asked a similar question.