Enhancing Software Supply Chain Security: Approaches to Software Composition Analysis
Eclipse Foundation via YouTube
AI, Data Science & Cloud Certificates from Google, IBM & Meta
Pass the PMP® Exam on Your First Try — Expert-Led Training
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Learn about Software Composition Analysis (SCA) tools and approaches for securing the Java software supply chain in this 24-minute conference talk. Explore the critical importance of managing third-party package dependencies in Java projects, particularly in light of major security incidents like SolarWinds and Log4Shell. Compare two distinct approaches to vulnerability detection: the code-centric method used by Eclipse Steady and the metadata-based approach of OWASP Dependency-Check. Examine real-world applications of both tools across various Java projects, understanding their respective strengths and limitations. Discover how a proposed hybrid approach could combine the best aspects of both methods to enhance vulnerability detection precision and efficiency. Gain practical insights into implementing these free, open-source tools in your own projects, with only basic software development knowledge required.
Syllabus
Enhancing Software Supply Chain Security: Approaches to Software Composition Analysis - OCX 2024
Taught by
Eclipse Foundation