ENISA Technical Advisory for Secure Use of Package Managers

Back to all publications

Cover image for the ENISA Technical Advisory for Secure Use of Package Managers

Download

Publication date:March 10, 2026

This document focuses on how developers can securely use package managers as part of their software development life cycle. In particular, this document, outlines common risks involved in the use of third-party packages, presents secure practices for selecting, integrating, and monitoring packages and describes approaches for addressing vulnerabilities found in dependencies.

Publication details

Related content

Voices of EU Cybersecurity Certification - Magazine cover by ENISA

Voices of EU Cybersecurity Certification

A special publication by ENISA that incorporates feedback from stakeholders involved in building, maintaining, operating, and applying the first EU cybersecurity certification schemes.

Managed Security Services Analysis cover featuring an illistration of a woman working on different screens with statistics

Managed Security Services Market Analysis

This report addresses the market for Managed Security Services (MSS) on both the demand and the supply side.

Public_Consultation_on_Specifications_for_EUICC_Certification.png

Public Consultation on Specifications for EUICC Certification under the EUCC scheme

ENISA has published specifications for the evaluation and certification of embedded Universal Integrated Circuit Cards (eUICCs) under the European Common Criteria-based cybersecurity certification scheme (EUCC).

Cyber_Resilience_Act_Requirements_Standards_Mapping.png

Cyber Resilience Act Requirements Standards Mapping - Joint Research Centre & ENISA Joint Analysis

To facilitate adoption of the CRA provisions, these requirements need to be translated into the form of harmonised standards, with which manufacturers can comply.

BROWSE ALL PUBLICATIONS

Cybersecurity Standardisation Conference 2024

2024 Mar 5

2026 European Cybersecurity Certification Conference

2026 Apr 15

Cybersecurity Standardisation Conference 2023

2023 Feb 7

CRA - Making the EU Market Resilient

2025 Oct 8

BROWSE ALL EVENTS

Call for Feedback: Advancing Software Supply Chain Security together!

News Item

ENISA invites industry stakeholders and interested parties to provide their feedback on the draft SBOM Landscape Analysis and the Technical Advisory for Secure Use of Package Managers.

EU Managed Security Services Certification to drive the cybersecurity market

Press Release

Following the request of the European Commission for the development of a candidate certification scheme for Managed Security Services, the EU Agency for Cybersecurity (ENISA) launches a call for expression of interest to participate in the relevant Ad

Cybersecurity Standardisation Conference 2025: Paving the Way for a Safer Digital Europe

News Item

The European Standardisation Organisations (ESOs) CEN, CENELEC, ETSI, together with ENISA, the EU Agency for Cybersecurity, successfully co-hosted the 9th Cybersecurity Standardisation Conference on 20 March 2025 in Brussels. 

European Cybersecurity Certification: Celebrating achievements and exploring future horizons

Press Release

At the eighth edition of the certification conference, the European Union Agency for Cybersecurity celebrates the first accredited Conformity Assessment Bodies for the EU Cybersecurity Certification scheme on Common Criteria (EUCC) .

BROWSE ALL NEWS