Explore comprehensive strategies for securing the software supply chain in Java applications through this informative conference talk. Delve into critical aspects of supply chain security, including Git commit integrity, dependency visibility, vulnerability scanning, and production artifact verification. Learn practical techniques, patterns, and technologies for secure dependency management, source code protection, safe build processes, and effective patching strategies. Discover Kubernetes-native approaches to supply chain security and witness live demonstrations of cutting-edge practices based on the SLSA framework and CNCF WG Security research. Gain hands-on insights into utilizing open-source tools such as Gradle, Sigstore, Cloud Native Buildpacks, Trivy, Syft, and Kyverno to enhance the security of your Java applications throughout the entire development lifecycle.
Securing the Supply Chain for Your Java Applications by Thomas Vitale
Overview
Syllabus
Securing the Supply Chain for Your Java Applications by Thomas Vitale
Taught by
Devoxx
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Developer Security Champion: Supply Chain Security
-
Enterprise Security Leadership: Understanding Supply Chain Security
-
Securing the Supply Chain for Your Java Applications
-
Kubernetes Security: Implementing Supply Chain Security
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
