Table of Contents


Module 1: Software Composition Analysis (SCA)

  • Overview of SCA and its significance in managing third-party dependencies
  • Exploring popular SCA tools (OSV/OWASP Dependency Checker/Dependabot) and their
  • Configuring SCA scans for identifying vulnerable dependencies
  • Analyzing SCA reports and prioritizing vulnerabilities
  • Implementing remediation strategies for secure dependency management
  • Hands-on exercises and real-world examples

Module 2: Semgrep

  • Introduction to Semgrep and its role in static analysis
  • Setting up Semgrep environment and tools
  • Writing Semgrep rules for vulnerability detection
  • Customizing Semgrep rules for specific security requirements
  • Practical exercises and hands-on activities

Module 3: DevSecOps

  • Understanding the principles and benefits of DevSecOps
  • Incorporating SAST and SCA into the development workflow
  • Discussion on the practical challenges and solutions

Q&A and Conclusion

  • Open discussion and Q&A session to address remaining questions and concerns
  • Summary of key takeaways from the training
  • Resources for further learning and practice

Bakul Gupta
Keshav Malik
Shubham Soin

Hall Name: Hall 1
Time: 8 Hours

This hands-on workshop dives into DevSecOps, focusing on Semgrep and Software Composition Analysis (SCA). Learn to use CodeQL and Semgrep for code analysis, manage software dependencies with SCA, and explore these tools in action at LinkedIn. Wrap up with a Q&A session to answer all your burning questions.

About Speakers