Inspecting Open Source Software Packages for Security and License Compliance
|
This course will teach you about the inherent risks with leveraging open source libraries and components in your solutions, and how you can mitigate those risks using a software composition analysis tool, called WhiteSource Bolt, to scan your code.
Modern software is composed of many open source components, that are used to speed development and provide complex functionality you would normally need to write yourself. But with that convenience, there come some risks. In this course, Inspecting Open Source Software Packages for Security and License Compliance, you will learn the different types of risks involved with open source software, and how you can manage those risks by using a tool called WhiteSource Bolt. First, you will explore the licenses that come with open source libraries and components. Next, you will learn the inherent risks that come with leveraging open source libraries in your projects. Then, you will understand more about a class of tools, called software composition analysis tools, that can help you migrate those risks. Finally, you will discover a free tool called WhiteSource Bolt that you can integrate into your Azure DevOps pipeline builds, to analyze the open source components in your project. By the end of this course, you will be more confident in managing open source libraries, and better able to respond to threats to those components.
Author Name: Neil Morrissey
Author Description:
Neil has worked on everything from early mobile .NET compact framework apps to modern Azure based web apps during his years in IT. As a developer and architect, he has focused on .NET and JavaScript application development, security, and hosting across a variety of Microsoft platforms, including ASP.NET, SharePoint, and Dynamics CRM. Neil has several Microsoft Certifications, including MCPD, MCSA, and MCSD.
Table of Contents
- Course Overview
2mins - Setting up a Build Pipeline to Inspect Package Feeds
36mins
User Reviews
Be the first to review “Inspecting Open Source Software Packages for Security and License Compliance”
Related Products
Collection with PowerSploit
In this course, we'll explore the language of logic and deductive reasoning. Completing this course will grant you the knowledge needed to make better decisions.
Securing Angular Apps with OpenID Connect and OAuth 2
OpenID Connect and OAuth 2 allow your apps to use modern security protocols and to participate in a Single Sign-on (SSO) experience across multiple apps. This course will show you how to authenticate users and authorize access in your Angular apps.
Building and Leading an Effective Threat Modeling Program
If you've seen the benefits of threat modeling in action and want to take this popular security approach to the next level, then this course will teach you how to plan, execute, and manage a threat modeling program at scale within your organization.
Cisco Enterprise Networks: Infrastructure Security
In this course, you'll learn how to configure DHCP snooping, IP source guard, dynamic ARP inspection (DAI), port security, storm control, RADIUS, and TACACS+.
Pluralsight LIVE 2018: Get Your Geek On (Security)
Safeguard your organization from threats by leveling up your security know-how.
Malware Analysis: Identifying and Defeating Code Obfuscation
Malware authors routinely utilize obfuscation techniques to complicate the analysis of their code. This course will teach you techniques for identifying and defeating code obfuscation so that key characteristics and behaviors can be identified.
There are no reviews yet.