Inspecting Open Source Software Packages for Security and License Compliance
This course will teach you about the inherent risks with leveraging open source libraries and components in your solutions, and how you can mitigate those risks using a software composition analysis tool, called WhiteSource Bolt, to scan your code.
What you'll learn
Modern software is composed of many open source components, that are used to speed development and provide complex functionality you would normally need to write yourself. But with that convenience, there come some risks. In this course, Inspecting Open Source Software Packages for Security and License Compliance, you will learn the different types of risks involved with open source software, and how you can manage those risks by using a tool called WhiteSource Bolt. First, you will explore the licenses that come with open source libraries and components. Next, you will learn the inherent risks that come with leveraging open source libraries in your projects. Then, you will understand more about a class of tools, called software composition analysis tools, that can help you migrate those risks. Finally, you will discover a free tool called WhiteSource Bolt that you can integrate into your Azure DevOps pipeline builds, to analyze the open source components in your project. By the end of this course, you will be more confident in managing open source libraries, and better able to respond to threats to those components.
Table of contents
- Introduction 2m
- What Is Open Source Software (OSS)? 7m
- Understanding Open Source Software Risks 6m
- Software Composition Analysis Tools 3m
- WhiteSource and WhiteSource Bolt 5m
- Installing WhiteSource Bolt in Azure DevOps 2m
- Configuring a Pipeline to Use WhiteSource Bolt 4m
- Exploring the WhiteSource Bolt Report 6m
- Module Summary 1m