Training
Table of Contents
Module 1: Software Composition Analysis (SCA)
- Overview of SCA and its significance in managing third-party dependencies
- Exploring popular SCA tools (OSV/OWASP Dependency Checker/Dependabot) and their capabilities
- Configuring SCA scans for identifying vulnerable dependencies
- Analyzing SCA reports and prioritizing vulnerabilities
- Implementing remediation strategies for secure dependency management
- Hands-on exercises and real-world examples
Module 2: Semgrep
- Introduction to Semgrep and its role in static analysis
- Setting up Semgrep environment and tools
- Writing Semgrep rules for vulnerability detection
- Customizing Semgrep rules for specific security requirements
- Practical exercises and hands-on activities
Module 3: DevSecOps
- Understanding the principles and benefits of DevSecOps
- Incorporating SAST and SCA into the development workflow
- Discussion on the practical challenges and solutions
Q&A and Conclusion
- Open discussion and Q&A session to address remaining questions and concerns
- Summary of key takeaways from the training
- Resources for further learning and practice
Speaker Profiles
Bakul Gupta
Keshav Malik
Shubham Soin
Venue & Time
Hall Name: Hall 1
Time: 8 Hours
Workshop Goal
This hands-on workshop dives into DevSecOps, focusing on Semgrep and Software Composition Analysis (SCA). Learn to use CodeQL and Semgrep for code analysis, manage software dependencies with SCA, and explore these tools in action at LinkedIn. Wrap up with a Q&A session to answer all your burning questions.