Actions in the Wild: Usability and Ease of Use of Open Source Security Tools
Eclipse Foundation via YouTube
Overview
Watch a 22-minute conference talk exploring the implementation and effectiveness of open-source security tools within the Eclipse Tractus-X project. Discover how this Catena-X ecosystem initiative leverages GitHub's capabilities to automate security checks across 60 repositories through three active Special Interest Groups. Learn about practical applications of security-by-design principles, including Static Application Security Testing (SAST) with CodeQL, Software Composition Analysis (SCA) using Dependabot, and Infrastructure-as-Code (IaC) scanning with Trivy. Gain valuable insights into vulnerability analysis, real-world lessons learned, and best practices based on actual development scenarios. Understand the intricacies of Common Vulnerabilities and Exposures (CVE) scoring, Common Vulnerability Scoring System (CVSS) parameters, and how automated GitHub Actions workflows enable continuous vulnerability monitoring. Explore why CVSS scores may vary across different security databases and compare them with the National Vulnerability Database (NVD). Basic knowledge of GitHub Actions is helpful but not required to benefit from this security-focused presentation.
Syllabus
Actions in the Wild: Usability and ease of use of open source security tools - OCX 2024
Taught by
Eclipse Foundation