From the course: Microservices Security Workshop: From Build to Production
Software composition analysis (SCA)
- [Instructor] Now let's look at a scanning category that tends to cause teams a lot of headache and noise, and that's software composition analysis, or SCA, tooling. This category of tooling picks apart all of the dependencies that make up your application and uses those to understand where you're vulnerable or not. Our application is Python-based, and so we have these requirements.txt files, but in other languages you might see package.json, Gradle files, or Maven files, and these are all just different ways to manage open source packages. Here we have a list of all of these packages with different versions attached to them, and these different versions have vulnerabilities that come up over time. So for example, PyJWT, which we're using: I can go through the different versions here and see when vulnerabilities cropped up with them and which versions are affected by these vulnerabilities. Here, we can see something we talked about, which is bypassing the algorithm that was…
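The core of what an SCA tool does in this lesson is mechanical: parse the dependency manifest, resolve each package to an exact version, and compare that version against the affected ranges published in a vulnerability database. The script below is an added example written for this page; it is not the course's tooling or any SCA product. It parses a constructed requirements.txt and checks it against a constructed advisory table whose ids (`ADV-EXAMPLE-…`) and version ranges are placeholders, not real advisories for PyJWT or Flask. It also flags lines that are not pinned with `==`, because a manifest with `>=` gives the scanner no exact version to look up, which is one source of the noise the instructor mentions.

```python
"""Minimal software composition analysis (SCA) pass over a requirements.txt.

Added example, not the course's own code. Real SCA tools pull affected
ranges from a vulnerability database (OSV, GitHub Advisory DB, vendor feeds);
the ADVISORIES table below is CONSTRUCTED with placeholder ids and ranges.
"""
import re

# Constructed sample manifest (not the course repository's requirements.txt).
REQUIREMENTS_TXT = """\
# web stack
flask==2.0.3
PyJWT==1.7.1   # inline comment, should be ignored by the parser
requests>=2.25  # not an exact pin: the scanner cannot resolve one version
"""

# Constructed advisory table: package -> [(advisory id, introduced, fixed, summary)].
# A version is affected when introduced <= version < fixed. Ids and ranges are
# PLACEHOLDERS and are not real advisories for these packages.
ADVISORIES = {
    "pyjwt": [
        ("ADV-EXAMPLE-0001", "0.0.0", "2.0.0", "placeholder: algorithm-confusion class issue"),
    ],
    "flask": [
        ("ADV-EXAMPLE-0002", "0.0.0", "2.1.0", "placeholder: fixed in 2.1.0"),
    ],
}

# name, comparison operator, version; longer operators are listed first so
# ">=" is not mis-read as ">" followed by "=2.25".
PIN_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)\s*([0-9][0-9A-Za-z.]*)$"
)


def parse_version(v):
    """Turn '2.0.3' into (2, 0, 3) for tuple comparison.

    Deliberately simpler than full PEP 440: pre-release and local tags are
    dropped, and missing components are padded with 0.
    """
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def parse_requirements(text):
    """Return (name_lower, operator, version) for each dependency line.

    Comments and blank lines are skipped. A line that does not match the
    name/operator/version shape is returned with operator and version None.
    """
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            deps.append((m.group(1).lower(), m.group(2), m.group(3)))
        else:
            deps.append((line.lower(), None, None))
    return deps


def suggested_upgrade(name, advisories=ADVISORIES):
    """Lowest version that clears every known advisory for the package, or None."""
    fixed = [parse_version(f) for _, _, f, _ in advisories.get(name, [])]
    if not fixed:
        return None
    return ".".join(str(n) for n in max(fixed))


def scan(text, advisories=ADVISORIES):
    """Compare each exact pin against the advisory table.

    Returns (package, version, advisory id, fixed version) for affected pins,
    and (package, version, 'UNPINNED', None) for lines the scanner cannot
    resolve to a single version.
    """
    findings = []
    for name, op, version in parse_requirements(text):
        if op != "==":
            findings.append((name, version, "UNPINNED", None))
            continue
        v = parse_version(version)
        for adv_id, introduced, fixed, _summary in advisories.get(name, []):
            if parse_version(introduced) <= v < parse_version(fixed):
                findings.append((name, version, adv_id, fixed))
    return findings


if __name__ == "__main__":
    for pkg, ver, adv, fixed in scan(REQUIREMENTS_TXT):
        if adv == "UNPINNED":
            print(f"{pkg}: no exact pin, cannot be resolved to one version")
        else:
            print(f"{pkg}=={ver}: {adv}, upgrade to >= {suggested_upgrade(pkg)}")
```

The two design points worth carrying into a real pipeline are the half-open range check (`introduced <= v < fixed`, which is how most advisory feeds express affected versions) and the explicit `UNPINNED` finding: a scanner that silently skips unresolvable lines reports a clean manifest it never actually checked.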
Contents
- Secure libraries for common languages (4m 5s)
- JWT crash course (4m 1s)
- Static application security testing (SAST) (3m 52s)
- Software composition analysis (SCA) (4m 28s)
- Secrets management (3m 47s)
- Infrastructure as Code (IaC) patterns (4m 23s)
- Other shift-left stuff (4m 46s)
- Challenge: Run and fix a SAST scan (33s)
- Solution: Run and fix a SAST scan (2m 53s)