June TASK / Software Composition Analysis

Wednesday 29-June-2022 // 6:00 – 7:30 PM
Meeting Location: Virtual – Register


June TASK (Virtual)

Speaker: Magno Logan
Topic: Knowing your apps and software supply chain: Intro to Software Composition Analysis

Software supply chain has become a hot topic – and open-source software security has become a big challenge. One part of the toolset to manage and secure the software supply chain is Software Composition Analysis. The forerunners of this toolset takes us back to the early 2000s in different forms to indicate security verifications on open-source components. With a great deal of progress in SCA capabilities, It is the process of identifying and listing all the components and versions present in the code and checking each specific service and looking for outdated or vulnerable libraries that may impose security risks to the application. In this session you’ll learn about:

  • How SCA tools work and how can they help identify and remediate open-source libraries used in a codebase
  • How these tools work and the main pieces of information that these tools rely on, such as the application manifest, vulnerability data sources, and dependency metadata
  • How these tools can check for legal issues regarding the use of open-source software with different licensing terms and conditions

Magno Logan works as an Information Security Specialist and Senior Threat Researcher for Trend Micro. He specializes in Cloud, Container, Application Security Research, Threat Modelling, and Red Teaming. In addition, he has been tapped as a resource speaker for numerous security conferences around the globe. He is the JampaSec Security Conference and the OWASP Paraiba Chapter founder, and an active member of the CNCF Security TAG team.


Don’t forget to register for the webinar now (free) to ensure you get access on the night: https://us06web.zoom.us/webinar/register/2016553255015/WN_Os9I5hC3Tpu552GJWubG4Q

We look forward to see you all then,
The TASK Steering Committee

Posted in Events.