Explore how static and reachability analyses can enhance the prioritization of software composition analysis (SCA) findings in software dependencies. Learn to effectively manage the constant influx of CVE alerts for third-party libraries by examining real dependency usage rather than relying solely on build manifest analysis. Discover strategies to improve decision-making processes, uncover vulnerabilities, and boost security and productivity in software development workflows. Through real-world examples, gain insights into how these analytical approaches can help developers better prioritize updates and understand dependency changes, ultimately leading to more informed and efficient security management in software projects.
Prioritisation of SCA Findings in Software Dependencies Using Static Reachability Analysis
Overview
Syllabus
Prioritisation of SCA Findings in Software Dependencies Using Static Reachability... Joseph Hejderup
Taught by
OpenSSF
Related Courses
-
Narrow - SCA Reachability Analysis Without The Effort
-
DevSecOps Fundamentals
-
Secure Software Development: Verification and More Specialized Topics
-
Mapping the Minefield of Open Source Software Risks - DevOps 2024
-
Large-Scale Software Composition Analysis: Uncovering Vulnerable Dependencies in 600 Apps
-
Managing Vulnerabilities in Open-Source Dependencies
