Overview
Explore how static and reachability analyses can enhance the prioritization of software composition analysis (SCA) findings in software dependencies. Learn to effectively manage the constant influx of CVE alerts for third-party libraries by examining real dependency usage rather than relying solely on build manifest analysis. Discover strategies to improve decision-making processes, uncover vulnerabilities, and boost security and productivity in software development workflows. Through real-world examples, gain insights into how these analytical approaches can help developers better prioritize updates and understand dependency changes, ultimately leading to more informed and efficient security management in software projects.
Syllabus
Prioritisation of SCA Findings in Software Dependencies Using Static Reachability... Joseph Hejderup
Taught by
OpenSSF