This session will focus on what a secure Drupal 8 distribution should look like, and how to use Composer to build, package and deploy a Drupal 8 site.
In a Drupal 8 site, the only code in the repository will be custom code - everything else is defined as a dependency. This makes it clear what the audit surface is. If it's in the repository, it's custom-code. Everything else is added via our composer.json file.