Learn about software supply chain security fundamentals in this 30-minute conference talk that demystifies key concepts like SBOM, VEX, SLSA, and GUAC. Explore why understanding source code composition has become crucial for modern security practices, moving beyond mere compliance checkboxes. Gain clarity on these important security terms and their practical significance in protecting organizations from current and emerging threats. Discover a holistic approach to implementing security tools effectively while understanding the deeper questions and challenges these solutions aim to address in the software supply chain landscape.
What Is Going On In Your Source Code? Understanding Software Component Analysis in Plain Language
Overview
Syllabus
What Is Going On In Your Source Code? Understanding SCA In Plain Language - Dwayne McDaniel
Taught by
OpenSSF
Related Courses
-
Understanding Software Component Analysis (SCA) in Plain Language
-
Software Supply Chain Security for Those in a Rush
-
GUAC Verification for Software Supply Chain Security
-
SLSA, SigStore, SBOM & Software Supply Chain Security - What Does It All Mean?
-
Demystify Secure Software Supply Chain Metadata
-
Where Is the GUAC? - Understanding Artifact Composition in Software Supply Chains
