Building Secure Software Supply Chains with Open-Source Tools
.MP4, AVC, 1280x720, 30 fps | English, AAC, 2 Ch | 1h 18m | 173 MB
Instructor: Oladele Oloruntimilehin
This course is designed for security engineers, developers, and DevOps teams who want to lock down their software supply chains against modern threats. Learn to secure every phase of development, from code to deployment, using practical open-source tools such as Syft (SBOM generation), Grype (vulnerability scanning of SBOMs), Trivy (dependency checks), and Gitleaks (secrets detection). Instructor Oladele Oloruntimilehin explains how to build automated, parallelized pipelines that cut runtime while maintaining rigorous security checks. By the end, you will have a repeatable workflow to prevent breaches, comply with industry standards, and ship code with confidence.
Learning objectives
- Analyze software bills of materials (SBOMs) created with Syft to identify dependencies, assess licensing compliance, and determine the components that require security monitoring in your organization's software ecosystem.
- Evaluate vulnerabilities in your software supply chain using Grype by assessing severity levels, determining exploit potential, and prioritizing remediation efforts based on risk to the organization.
- Create automated, parallelized CI/CD pipelines that integrate security tools (Syft, Grype, Trivy, and Gitleaks) to efficiently validate code security without significantly increasing build times.
- Apply supply chain security practices that meet CIS standards by implementing appropriate controls throughout the development lifecycle from code commit to production deployment.
- Detect hardcoded secrets and sensitive information in source code repositories using Gitleaks, and design preventive measures that can be integrated into developer workflows to avoid future security lapses.