ENG 320 – Using Software Composition Analysis (SCA) to Secure Open-Source Components

Course Overview

Software Composition Analysis (SCA) provides visibility into the open-source components and libraries being incorporated into the software that development teams create. SCA can help manage security and license-related risks. This course provides learners with a fundamental understanding of how to use Software Composition Analysis (SCA) tools to securely integrate open-source software into new code.

On successful completion of this course, learners should have the knowledge and skills required to:

• Discuss the security risks associated with software vulnerabilities and license compliance
• Understand the SCA Architecture and how the technologies help to make dependency checks possible
• Use the Software Bill of Materials (SBOM) and Vulnerability Databases to fully perform software analysis
• Understand Development Workflow Integration and SCA Limitations
• Use SCA for Containerized Applications and Infrastructure as Code (IaC)