Overview
Syllabus
Intro
Recap of what was covered in previous episodes
Introducing the Spring framework
Using open source in your application
Dependencies - https://xkcd.com/2347/
Introducing the Software Bill of Materials (SBOM)
Generating an SBOM in Artifactory/Xray
Exporting an SBOM from Artifactory/Xray
Who should be paying attention to security
Everything as code
How times have changed
Awareness is key
The Leftpad incident
Engineering in software engineering
Choosing components
Involving management in security
Considering security from the beginning
Available resources for vulnerability intel
All vulnerabilities vs applicable vulnerabilities
Importance of context in vulnerability scanning
What is a Certified Naming Authority (CNA)?
Different flavors of vulnerability research
SLSA - Supply Chain Levels for Software Artifacts
A shared vocabulary
Automating SBOMs
From the developer's side
FrogBot: scan pull requests for vulnerabilities after check-in
Securing your container images
Problems with always using the latest version
Looking into pyrsia.io for software supply chain security
Security-minded development
Taught by
NGINX, Inc