The term Software Composition Analysis (SCA) is relatively new to the security world. However, similar approaches have been used since the early 2000s to describe security verification of open source components, and SCA is the evolution of those approaches. It is the process of identifying and listing all the components and versions present in a codebase, checking each one, and looking for outdated or vulnerable libraries that may pose security risks to the application. These tools can also check for legal issues arising from the use of open-source software with different licensing terms and conditions. But how do these SCA tools work, and how can they help identify and remediate issues in the open source libraries used in a codebase? This talk explains how these tools work and the main pieces of information they rely on, such as the application manifest, vulnerability data sources, and dependency metadata.
Audience Takeaways
SCA tools and techniques are here to stay, and their usage is increasing in many organizations where security is a priority. Unfortunately, AppSec teams cannot keep up with all the new vulnerabilities published daily. Look for solutions that adapt to your own way of building software: they need to cover the programming languages used in your organization and identify issues in indirect (transitive) dependencies, rather than relying only on public CVEs to find those issues.
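As an added illustration (not part of the talk or any product it mentions), here is a toy SCA pass in Python over the three inputs the abstract names: an application manifest, dependency metadata, and a vulnerability data source. Every package name, version and advisory id below is a constructed placeholder; a real tool would read these from a lockfile, a package registry and an advisory database.

```python
# Constructed manifest (requirements.txt-style pins); names are placeholders, not from the talk.
MANIFEST = """\
webframework==2.3.1
httpclient==1.4.0
"""
# Constructed dependency metadata (what each pinned version pulls in); a real tool reads a lockfile/registry.
DEP_METADATA = {
    ("webframework", "2.3.1"): [("templating", "3.0.2"), ("httpclient", "1.4.0")],
    ("httpclient", "1.4.0"): [("urlparser", "0.9.5")],
}
# Constructed advisory feed: (package, introduced, fixed_in, placeholder advisory id).
ADVISORIES = [
    ("urlparser", "0.0.0", "0.9.7", "EXAMPLE-ADV-0001"),
    ("webframework", "2.0.0", "2.3.0", "EXAMPLE-ADV-0002"),  # fixed before our pin
]
# Compare dotted numeric versions as tuples (enough for this toy feed).
def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def parse_manifest(text):
    """Return the directly declared (name, version) pins from the manifest."""
    pins = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, version = line.partition("==")
            pins.append((name.strip(), version.strip()))
    return pins

def resolve(direct, metadata):
    """Walk the graph from the direct pins; depth 0 = direct pin, >0 = transitive."""
    resolved = {pin: 0 for pin in direct}  # direct pins always keep depth 0
    stack = list(resolved)
    while stack:
        pin = stack.pop()
        for child in metadata.get(pin, []):
            if child not in resolved:
                resolved[child] = resolved[pin] + 1
                stack.append(child)
    return resolved

def find_vulnerable(resolved, advisories):
    """Flag every resolved version inside an advisory's [introduced, fixed) range."""
    findings = []
    for (name, version), depth in resolved.items():
        for pkg, introduced, fixed, adv_id in advisories:
            if pkg == name and parse_version(introduced) <= parse_version(version) < parse_version(fixed):
                findings.append({"package": name, "version": version, "advisory": adv_id,
                                 "direct": depth == 0, "fixed_in": fixed})
    return findings

def run_sca(manifest=MANIFEST):
    return find_vulnerable(resolve(parse_manifest(manifest), DEP_METADATA), ADVISORIES)
```

The only finding is the transitive `urlparser` pin, which the manifest never mentions; the directly pinned `webframework` is above its advisory's fixed version and is correctly left alone.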
Software Composition Analysis 101: Knowing what’s inside your apps | Magno Logan | Conf42 DevSecOps 2021