Inspecting Open Source Software Packages for Security and License Compliance

Focused View

Neil Morrissey

38:05

48 View

01 - Course Overview

01 - Course Overview.mp4

02:08

02 - Setting up a Build Pipeline to Inspect Package Feeds

02 - Introduction.mp4

01:37

03 - What Is Open Source Software (OSS).mp4

06:30

04 - Understanding Open Source Software Risks.mp4

06:22

05 - Software Composition Analysis Tools.mp4

02:37

06 - WhiteSource and WhiteSource Bolt.mp4

05:08

07 - Installing WhiteSource Bolt in Azure DevOps.mp4

02:17

08 - Configuring a Pipeline to Use WhiteSource Bolt.mp4

04:00

09 - Exploring the WhiteSource Bolt Report.mp4

06:24

10 - Module Summary.mp4

01:02

Description

This course will teach you about the inherent risks with leveraging open source libraries and components in your solutions, and how you can mitigate those risks using a software composition analysis tool, called WhiteSource Bolt, to scan your code.

What You'll Learn?

Modern software is composed of many open source components, that are used to speed development and provide complex functionality you would normally need to write yourself. But with that convenience, there come some risks. In this course, Inspecting Open Source Software Packages for Security and License Compliance, you will learn the different types of risks involved with open source software, and how you can manage those risks by using a tool called WhiteSource Bolt. First, you will explore the licenses that come with open source libraries and components. Next, you will learn the inherent risks that come with leveraging open source libraries in your projects. Then, you will understand more about a class of tools, called software composition analysis tools, that can help you migrate those risks. Finally, you will discover a free tool called WhiteSource Bolt that you can integrate into your Azure DevOps pipeline builds, to analyze the open source components in your project. By the end of this course, you will be more confident in managing open source libraries, and better able to respond to threats to those components.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Software Engineering

Software Architecture

Cyber Security

Information Security

Neil Morrissey

Instructor's Courses

Neil has worked on everything from early mobile .NET compact framework apps to modern Azure based web apps during his years in IT. As a developer and architect, he has focused on .NET and JavaScript application development, security, and hosting across a variety of Microsoft platforms, including ASP.NET, SharePoint, and Dynamics CRM. Neil has several Microsoft Certifications, including MCPD, MCSA, and MCSD.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.