Course Description (from the course website)
Practically everyone uses open source software and libraries, including major organizations. But regardless of how safe people think they are, we need to be sure it’s not compromising our applications. Source Composition Analysis (SCA) is how we test the security of all the open source components of our software.
In Source Composition Analysis for DevSecOps, you’ll learn everything there is to know about SCA and how it ties into a sustainable DevOps practice. We’ll be taking you through some of the most popular SCA tools, as well as automating a Software Bill of Materials (SBOM). We’ll even learn how to use CycloneDX to manage our SBOM.
Finally, we’ll learn how to conduct a comprehensive NPM audit in our practical labs. The course features hands-on lab exercises where you will integrate SCA into a CI pipeline, as well as tracking and monitoring software components in a CI platform.
Our learning material is backed by years of security testing experience, knowledge, and original research across our entire security team. That’s why we’ve chosen to focus on showing you practical, real-world strategies and techniques that bring you closer to a successful DevSecOps implementation.
In Source Composition Analysis for DevSecOps, you’ll learn everything there is to know about SCA and how it ties into a sustainable DevOps practice. We’ll be taking you through some of the most popular SCA tools, as well as automating a Software Bill of Materials (SBOM). We’ll even learn how to use CycloneDX to manage our SBOM.
Finally, we’ll learn how to conduct a comprehensive NPM audit in our practical labs. The course features hands-on lab exercises where you will integrate SCA into a CI pipeline, as well as tracking and monitoring software components in a CI platform.
Our learning material is backed by years of security testing experience, knowledge, and original research across our entire security team. That’s why we’ve chosen to focus on showing you practical, real-world strategies and techniques that bring you closer to a successful DevSecOps implementation.