DSC Canada

Software composition analysis 101: Knowing what’s inside your apps

Date: January 27, 2021

Time: 7:00pm EST

Location: Virtual

Questions? Join the conversation on the Discord channel devseccon-canada.

About the event:

The term Software Composition Analysis (SCA) is relatively new to the security world. However, similar approaches have been used since the early 2000s for security verification of open source components, and SCA is an evolution of them. It is the process of identifying and listing all the components and versions present in the code, checking each specific service, and looking for outdated or vulnerable libraries that may pose security risks to the application. These tools can also check for legal issues regarding the use of open source software with different licensing terms and conditions. So how do SCA tools work, and how can they help identify and remediate open source libraries used in a codebase? This talk explains how these tools work and the main information they rely on, such as the application manifest, vulnerability data sources, and dependency metadata.

Magno Logan

About Magno Logan

Magno Logan works as an Information Security Specialist for the Trend Micro Cloud and Container Security Research Team. He specializes in Cloud, Container and Application Security Research, Threat Modelling, Red Teaming, DevSecOps, and Kubernetes Security, among many others. He has been tapped as a resource speaker for numerous security conferences around the globe. He is also the founder of JampaSec and a member of the CNCF SIG-Security team.
