Learning Path: DevSecOps

Source Composition Analysis for DevSecOps

Practically everyone uses open source software and libraries, including major organizations. But however safe people assume those components are, we need to be sure they are not compromising our applications. Source Composition Analysis (SCA) is how we test the security of all the open source components of our software.

In this program, you’ll learn everything there is to know about SCA and how it ties into a sustainable DevOps practice. We’ll take you through some of the most popular SCA tools, as well as how to automate a Software Bill of Materials (SBOM). The course also features hands-on labs that show you how to integrate SCA into a CI pipeline, and how to track and monitor software components in a CI platform.

Our learning material is backed by years of security testing experience, knowledge, and original research across our entire security team. That’s why we’ve chosen to focus on showing you practical, real-world strategies and techniques that bring you closer to a successful DevSecOps implementation.

Course Outline

  • Course Introduction
  • Course Prerequisites
  • Introduction to Source Composition Analysis and Software Bill of Materials
  • Effective Source Composition Analysis (SCA) – Part 1
  • Effective Source Composition Analysis – Part 2
  • Issues and Challenges with SCA
  • SBOM with CycloneDX – Part 1
  • SBOM with CycloneDX – Part 2
  • Lab: NPM Audit