DevSecOps Workshop: Secure your Software Supply Chain (Code to Runtime)
Colorado Room
Rakesh Krishna | Senior Solutions Engineer, JFrog
Mon 08:30AM - 04:30PM, September 9th
End-to-end supply chain security requires vigilance. It starts before the developer calls an external package and continues through proprietary code development, code compilation, interim builds, and the pipeline to release and distribution, all the way to production and after deployment. In this training, we'll identify a typical enterprise software supply chain and its risk of attack. We'll also discuss ways to enable end-to-end vigilance for software supply chain risk management.

By the end of this training, you should be able to:

- Understand what a software supply chain is, what it is made of, and how to secure it end to end. This includes securing open source components, configurations and IaC.
- Gain visibility into the dependencies being used and the packages being developed, and gatekeep them based on vulnerabilities, license compliance and operational risk to ensure safety.
- Learn the various tools that the JFrog Software Supply Chain security platform offers and how to onboard them.