
Enhancing Software Supply Chain Security: Approaches to Software Composition Analysis

Eclipse Foundation via YouTube

Overview

Learn about Software Composition Analysis (SCA) tools and approaches for securing the Java software supply chain in this 24-minute conference talk. Explore the critical importance of managing third-party package dependencies in Java projects, particularly in light of major security incidents like SolarWinds and Log4Shell. Compare two distinct approaches to vulnerability detection: the code-centric method used by Eclipse Steady and the metadata-based approach of OWASP Dependency-Check. Examine real-world applications of both tools across various Java projects, understanding their respective strengths and limitations. Discover how a proposed hybrid approach could combine the best aspects of both methods to enhance vulnerability detection precision and efficiency. Gain practical insights into implementing these free, open-source tools in your own projects, with only basic software development knowledge required.

Syllabus

Enhancing Software Supply Chain Security: Approaches to Software Composition Analysis - OCX 2024

Taught by

Eclipse Foundation
