Inspecting Open Source Software Packages for Security and License Compliance

This course will teach you about the inherent risks with leveraging open source libraries and components in your solutions, and how you can mitigate those risks using a software composition analysis tool, called WhiteSource Bolt, to scan your code.
Course info
Rating
(11)
Level
Advanced
Updated
Dec 4, 2019
Duration
38m
Description

Modern software is composed of many open source components that are used to speed development and provide complex functionality you would normally need to write yourself. But with that convenience come some risks. In this course, Inspecting Open Source Software Packages for Security and License Compliance, you will learn the different types of risks involved with open source software, and how you can manage those risks by using a tool called WhiteSource Bolt. First, you will explore the licenses that come with open source libraries and components. Next, you will learn the inherent risks that come with leveraging open source libraries in your projects. Then, you will understand more about a class of tools, called software composition analysis tools, that can help you mitigate those risks. Finally, you will discover a free tool called WhiteSource Bolt that you can integrate into your Azure DevOps pipeline builds to analyze the open source components in your project. By the end of this course, you will be more confident in managing open source libraries, and better able to respond to threats to those components.

About the author

Neil is a solutions architect and developer, with a passion for web development, architecture, and security. He has worked in large and small IT organizations, written articles on development, and spoken at local .NET user groups. Neil has several Microsoft Certifications, including MCPD, MCSA, and MCSD.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Neil Morrissey, and welcome to my course, Microsoft Azure DevOps Engineer, Inspecting Open Source Software Packages for Security and License Compliance. I'm a solutions architect and developer. Using open source components and libraries during development can boost productivity by leveraging functionality that you don't need to write yourself. And modern software is composed of many open source libraries, so it can become hard to keep track of all the libraries in use in your code and even harder to keep them up to date. So with all the advantages that come with using open source libraries, there also come some risks. This course is going to teach you about those risks and how you can mitigate them using a Software Composition Analysis tool called WhiteSource Bolt that runs during your Azure DevOps pipeline build to inventory all the open source libraries in your project, identify any known vulnerabilities in those libraries, and it also helps you understand any risk introduced with the license types used by those libraries. Some of the major topics that we will cover include understanding the licenses that come with open source libraries and components, and the inherent risks that come with leveraging open source libraries in your projects. You'll learn about a class of tools called Software Composition Analysis tools that can help you mitigate those risks. And you'll learn about a free tool called WhiteSource Bolt that you can integrate into your Azure DevOps pipeline builds to analyze the open source components in your project. By the end of this course, you'll know how to install and use WhiteSource Bolt to report on vulnerabilities and risks in your open source libraries so you can write more secure applications. Before beginning this course, you should be familiar with Azure DevOps, including Azure Repos and Pipelines.
I hope you'll join me on this journey to learn secure development practices with the course, Microsoft Azure DevOps Engineer, Inspecting Open Source Software Packages for Security and License Compliance, here on Pluralsight.