Learn about Software Composition Analysis (SCA) tools and approaches for securing the Java software supply chain in this 24-minute conference talk. Explore the critical importance of managing third-party package dependencies in Java projects, particularly in light of major security incidents like SolarWinds and Log4Shell. Compare two distinct approaches to vulnerability detection: the code-centric method used by Eclipse Steady and the metadata-based approach of OWASP Dependency-Check. Examine real-world applications of both tools across various Java projects, understanding their respective strengths and limitations. Discover how a proposed hybrid approach could combine the best aspects of both methods to enhance vulnerability detection precision and efficiency. Gain practical insights into implementing these free, open-source tools in your own projects, with only basic software development knowledge required.
Enhancing Software Supply Chain Security: Approaches to Software Composition Analysis
Eclipse Foundation via YouTube
Overview
Syllabus
Enhancing Software Supply Chain Security: Approaches to Software Composition Analysis - OCX 2024
Taught by
Eclipse Foundation
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
Secure Software Supply Chain: Current State in PHP and Drupal Ecosystem
-
A Java Developer's Guide to Supply Chain Security
-
Hello World+ Projects to Test and Benchmark Software Composition Analysis Tools
-
Software Composition Analysis at Scale with Eclipse Apoapsis
