Explore a comprehensive conference talk on securing the software supply chain, delivered at Conf42 DevSecOps 2023. Dive into the fundamentals of software composition analysis and risk management, examining contributor profiles, project dynamics, code quality, and vulnerability assessments. Learn how to integrate security measures into deployment pipelines, implement DevSecOps practices, and streamline security assessments. Gain insights on initiating and maintaining a robust security strategy for your software development process, including the introduction of new web service platforms and tools like SourceMotion.
Securing the Software Supply Chain - Beyond SBOM Risk Assessment
Overview
Syllabus
intro
preamble
agenda
marek and aleksander
risk model
fundamentals
whys and whats of software composition analysis
risks - what if we don't?
software composition analysis - risk management scarm
contributor profile
project activity = project dynamics
code quality
vulnerabilities cve dynamics
how to plug it into the software deployment pipeline?
production pipeline
devsecops by linux polska
how to make it happen? just start...
new web service platform...
streamline your security assessments
sourcemotion
thank you, contact us!
Taught by
Conf42
Related Courses
-
DevSecOps Fundamentals
-
From SBOM to Trusted Software Supply Chain - How Far Are We?
-
Fortifying Tomorrow's CD Pipelines: Harnessing the Power of DevSecOps Data Using Ortelius
-
Fight Back Against Cyber Risk in the Software Supply Chain - Secure DevSecOps Pipeline for Regulated Environments
-
Protecting Ourselves from CNCFgate - Software Supply Chain Security at CNCF - Practices, and Tools
-
Protect Yourself Against Supply Chain Attacks
