Explore a comprehensive guide to automating dependency assurance in this 26-minute conference talk by Steve Judd from Jetstack. Discover how modern software components rely on external dependencies with unknown origins and learn why verifying their trustworthiness is crucial. Gain insights into Jetstack's work with financial services and defense sector clients to develop efficient dependency assurance mechanisms. Learn about implementing automated pipelines that audit dependencies for vulnerabilities and license obligations, assess them against organizational security policies, and control their usage within the company. Understand how to overcome common objections to dependency assurance and improve your organization's risk and security posture through modern tooling and practices.
Know Your Dependencies - A Guide to Automating Dependency Assurance
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Know Your Dependencies: A Guide to Automating Dependency Assurance - Steve Judd, Jetstack
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Rising Threat - Securing Your Open-Source Pipeline
-
Measure and Improve Software Supply Chain Assurance with OWASP SCVS
-
How to Trust Your Open Source Software Using Scorecards
-
Dependencies: Do's and Don'ts - Managing Application Dependencies Securely
-
Do You Know the Health of Your OSS Dependencies? Introducing OSSF Scorecard API
