Supply Chain Risk Management with OWASP Dependency-Check
Software supply chain risks are a huge security concern today and automated tools are essential to mitigate this threat. In this course, you will learn how to manage this risk by setting up OWASP Dependency-Check scanning on a software project.
What you'll learn
On average, a modern software application relies on over 500 open source components, and at least 25% of these dependencies will have known security vulnerabilities. Yet software vendors are all too often unaware of these vulnerabilities and may not even know on which components their software is dependent. In this course, Supply Chain Risk Management with OWASP Dependency-Check, you will learn how to use OWASP Dependency-Check to secure your software supply chain by scanning for, detecting, and acting on vulnerable third party components in software you produce. First, you will discover how to obtain and install OWASP Dependency-Check. Next, you will see how Dependency-Check can be used to scan an application for vulnerable dependencies. Finally, you will explore some best practices for reviewing and remediating the output of a Dependency-Check scan. By the end of this course, you will know how to manage these risks by setting up OWASP Dependency-Check scanning on a software project.
Table of contents
- Supply Chain Security 4m
- Software Composition Analysis and Dependency-Check 4m
- NIST Cybersecurity Framework 1m
- Installation 2m
- Demo: Dependency-Check Reports 6m
- Demo: Configuring Analyzers 8m
- Demo: Skipping Development Dependencies 4m
- Remediating Vulnerable Components 5m
- Demo: Configuring Scan Failures 5m
- Tips and Best Practices 5m