Software Composition Analysis
This module explains the fundamentals of Software Composition Analysis (SCA): inspecting and validating code bases for license compliance, implementing GitHub Dependabot for automated vulnerability detection, integrating SCA tools such as Mend (WhiteSource), Snyk, and OWASP Dependency-Check into Azure Pipelines, automating container image scanning, and interpreting the security alerts these scanning tools produce.
Learning objectives
By the end of this module, you will be able to:
Understand Software Composition Analysis (SCA) and why it's essential for managing open-source dependencies securely.
Inspect and validate code bases for license compliance and security vulnerabilities using automated tools.
Implement GitHub Dependabot to automatically detect vulnerable dependencies and create pull requests for security updates.
Integrate Software Composition Analysis checks into Azure Pipelines to scan dependencies during build and deployment processes.
Examine and configure SCA tools including Mend (WhiteSource), Snyk, OWASP Dependency-Check, and Azure Artifacts upstream sources.
Automate container image scanning to detect vulnerabilities in base images and application dependencies.
Interpret alerts from scanning tools and prioritize remediation based on severity, exploitability, and business impact.
Prerequisites
None