Learn how to navigate the complex landscape of software supply chain security in this 15-minute DevSecCon conference talk that demystifies key concepts like SBOM, VEX, SLSA, and GUAC. Explore beyond surface-level compliance requirements to gain a deeper understanding of why these security measures matter and how they protect against current and future threats. Discover practical insights into source code analysis and supply chain security that will help make informed decisions about implementing security tools and strategies to better protect your organization.
Understanding Software Component Analysis (SCA) in Plain Language
Overview
Syllabus
What is going on in your source code? Understanding SCA in plain language
Taught by
DevSecCon
Related Courses
-
DevSecOps Fundamentals
-
Software Supply Chain Security for Those in a Rush
-
GUAC Verification for Software Supply Chain Security
-
Eliminating the Unknowns: Using GUAC to Better Understand Your Software Supply Chain
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
-
Fresh SLSA and GUAC - Understanding Open Source Package Risks and Transparency
