Beginner

SCA with Jenkins

Learning Path: DevSecOps
Ideal for: DevOps, Security Engineer
2 Hours
8 Lessons
4 Cloud Labs

Jenkins is every AppSec engineer’s favorite tool for security automation. It also happens to be one of the most flexible CI/CD platforms out there, which makes it ideal for automating DAST & SAST scans and, as we’ll explore in this course, Source Composition Analysis (SCA) scans.

As we go through this course, we’re going to learn about automating SCA tools with Jenkins in order to protect ourselves from vulnerable third-party packages and libraries that could lead to supply-chain attacks, which can be extremely dangerous if they’re not detected early.

We begin our lesson by creating basic jobs to run SCA scans, which are a key component of our DevSecOps pipeline. Once a scan is complete, we generate results and store them as artifacts for further analysis.

Finally, we’ll take a detailed look at Static Analysis for Container images, which is extremely important to prevent potential supply-chain attacks.

No application is ever built in a void: nearly all modern-day software uses third-party libraries and packages. The danger comes when these libraries are themselves vulnerable, putting your application at risk. By running SCA scans during the development stage and identifying these defects early, you end up saving hundreds of man-hours in bug-fixing.

Labs

Python SCA with Jenkins

NodeJs SCA with Jenkins

Java SCA with Jenkins

Container Static Analysis with Jenkins

Copyright AppSecEngineer © 2023