Patent attributes
A computing system identifies a third-party dependency to be added to a codebase. The third-party dependency is hosted on a third-party server. The computing system downloads the third-party dependency within a secure runtime environment. The computing system generates a signature value for the third-party dependency. The computing system compares the signature value to a database of signature values of approved third-party dependencies. Upon determining that the signature value does not correspond to any signature values of the approved third-party dependencies, the computing system executes the third-party dependency within the secure runtime environment. The computing system monitors the execution of the third-party dependency within the secure runtime environment to identify suspicious activity. Upon determining that the third-party dependency is not exhibiting suspicious activity, the computing system adds the signature value to the database of signature values of approved third-party dependencies.