SCA with Jenkins

Ideal for: Security Engineer

Jenkins is every AppSec engineer’s favorite tool for security automation. It also happens to be one of the most flexible CI/CD platforms out there, which makes it ideal for automating DAST & SAST scans and, as we’ll explore in this course, Source Composition Analysis (SCA) scans.

As we go through this course, we’re going to learn about automating SCA tools with Jenkins in order to protect ourselves from vulnerable third-party packages and libraries that could lead to supply-chain attacks, which can be extremely dangerous if they’re not detected early.

We begin our lesson by creating basic jobs to run SCA scans, which are a key component of our DevSecOps pipeline. Once a scan is complete, we generate the results and store them as artifacts for further analysis.

Finally, we’ll take a detailed look at Static Analysis for Container images, which is extremely important to prevent potential supply-chain attacks.

No application is ever built in a void: nearly all modern-day software uses third-party libraries and packages. The danger comes when these libraries are themselves vulnerable, putting your application at risk. By running SCA scans during the development stage and identifying these defects early, you end up saving hundreds of man-hours in bug-fixing.


Python SCA with Jenkins

NodeJs SCA with Jenkins

Java SCA with Jenkins

Container Static Analysis with Jenkins


Copyright AppSecEngineer © 2023