Everybody is talking about securing the DevOps pipeline and shifting security left. Most developers are aware of established AppSec solutions like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and others that address security issues in home-grown code.
But what about the security of the open source libraries and modules that many organizations are using in their codebase?
SCA (Software Composition Analysis) solutions are frequently left out, which can result in shipping software that contains open-source components with known vulnerabilities. Because both SAST and SCA tools address vulnerabilities, many organizations evaluate them against each other, even though they look at different parts of the codebase: SAST analyzes the code you write, while SCA inventories the third-party components you depend on and matches their versions against published advisories.
In this webinar you will learn how to address open source security concerns within your organization and understand the difference between securing your open source components and securing your proprietary code. You will also learn how to automatically detect vulnerable open source components and how to avoid the pitfalls of unmanaged open source usage.
In this session, our experts discussed:
- What are the risks in open source?
- What is the main difference between SAST and SCA?
- Why and how SCA & SAST can work together
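To make the SAST/SCA distinction concrete, here is an added example (not code from the webinar or from any vendor's product) of the core step an SCA tool performs: read the pinned dependencies from a manifest, normalize each version, and match it against an advisory list that records the affected version range for each package. The requirements text, the package names (`acme-http`, `acme-yaml`, `acme-utils`) and the advisory entries (`EXAMPLE-0001`, `EXAMPLE-0002`, `EXAMPLE-0003`) are all constructed for this illustration and do not describe real packages or real vulnerabilities; a real tool would pull the advisory data from a vulnerability database and also resolve transitive dependencies from a lockfile.

```python
"""Minimal SCA-style check: match pinned dependencies against an advisory list.

Everything below (packages, versions, advisory IDs) is constructed sample
data for illustration only; none of it refers to a real vulnerability.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]


@dataclass(frozen=True)
class Advisory:
    package: str          # normalized package name
    introduced: str       # first affected version (inclusive)
    fixed: Optional[str]  # first fixed version (exclusive); None = no fix yet
    advisory_id: str      # hypothetical identifier, not a real CVE/GHSA


def parse_version(text: str, width: int = 3) -> Version:
    """Turn '2.25.1' or '5.3' into a fixed-width integer tuple for comparison.

    Non-numeric suffixes (e.g. '1.0rc1') are truncated to their leading digits,
    so the comparison is only as precise as plain dotted versions allow.
    """
    parts: List[int] = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    parts = parts[:width] + [0] * (width - len(parts))
    return tuple(parts)  # type: ignore[return-value]


def normalize_name(name: str) -> str:
    """Package names are case-insensitive and '_' and '-' are interchangeable."""
    return name.strip().lower().replace("_", "-")


def parse_requirements(text: str) -> Dict[str, str]:
    """Parse 'name==version' lines; anything unpinned is rejected.

    SCA needs exact versions: an unpinned requirement cannot be matched
    against an advisory range, so it is treated as an error rather than skipped.
    """
    deps: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][A-Za-z0-9.\-]*)$", line)
        if not m:
            raise ValueError(f"unpinned or unparseable requirement: {line!r}")
        deps[normalize_name(m.group(1))] = m.group(2)
    return deps


def is_affected(version: str, adv: Advisory) -> bool:
    """True if introduced <= version < fixed (or version >= introduced and no fix)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed is not None and v >= parse_version(adv.fixed):
        return False
    return True


def scan(deps: Dict[str, str], advisories: List[Advisory]) -> List[Tuple[str, str, str, Optional[str]]]:
    """Return (package, installed_version, advisory_id, fixed_version) for each hit."""
    findings = []
    for adv in advisories:
        installed = deps.get(adv.package)
        if installed is not None and is_affected(installed, adv):
            findings.append((adv.package, installed, adv.advisory_id, adv.fixed))
    return sorted(findings)


# Constructed sample manifest (not a real project's requirements file).
CONSTRUCTED_REQUIREMENTS = """
# constructed lockfile for the example
acme-http==2.25.1
Acme_YAML==5.3        # name normalization is exercised here
acme-utils==1.0.4
"""

# Constructed advisory feed; IDs and ranges are made up for the example.
CONSTRUCTED_ADVISORIES = [
    Advisory("acme-http", introduced="2.0.0", fixed="2.26.0", advisory_id="EXAMPLE-0001"),
    Advisory("acme-yaml", introduced="0.0.0", fixed="5.4", advisory_id="EXAMPLE-0002"),
    Advisory("acme-utils", introduced="1.0.0", fixed="1.0.2", advisory_id="EXAMPLE-0003"),
    Advisory("acme-unused", introduced="1.0.0", fixed=None, advisory_id="EXAMPLE-0004"),
]


def run_example() -> List[Tuple[str, str, str, Optional[str]]]:
    """Scan the constructed manifest and return the findings."""
    return scan(parse_requirements(CONSTRUCTED_REQUIREMENTS), CONSTRUCTED_ADVISORIES)


if __name__ == "__main__":
    for pkg, ver, adv_id, fixed in run_example():
        fix = f"upgrade to >= {fixed}" if fixed else "no fixed version yet"
        print(f"{pkg}=={ver}: {adv_id} ({fix})")
```

Note what this check does and does not do: it flags `acme-http` and `acme-yaml` because their pinned versions fall inside the constructed affected ranges, clears `acme-utils` because 1.0.4 is past the fix, and ignores the advisory for a package the project does not use. It never looks at the application's own source, which is exactly why SAST is still needed alongside it.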