Source Composition Analysis for DevSecOps

4th of July Sale: Use coupon “FIREWORKS15” and get 15% off on Pro and Pro Plus Individual Annual Plans.
Learning Path
Ideal for
Security Engineer
Security Architect
Cloud Labs

Practically everyone uses open source software and libraries, including major organizations. But regardless of how safe people think they are, we need to be sure it’s not compromising our applications. Source Composition Analysis (SCA) is how we test the security of all the open source components of our software.

In Source Composition Analysis for DevSecOps, you’ll learn everything there is to know about SCA and how it ties into a sustainable DevOps practice. We’ll be taking you through some of the most popular SCA tools, as well as automating a Software Bill of Materials (SBOM). We’ll even learn how to use CycloneDX to manage our SBOM.

Finally, we’ll learn how to conduct a comprehensive NPM audit in our practical labs. The course features hands-on lab exercises where you will integrate SCA into a CI pipeline, as well as tracking and monitoring software components in a CI platform.

Our learning material is backed by years of security testing experience, knowledge, and original research across our entire security team. That’s why we’ve chosen to focus on showing you practical, real-world strategies and techniques that bring you closer to a successful DevSecOps implementation.  

You might also like these courses

Or explore these Learning Paths


Implementing OWASP Dependency Track

Running an NPM Audit

OWASP Dependency Check

Hands-on. Defensive. Bleeding-Edge.

There's no other training platform that does all three. Except AppSecEngineer.
Get Our Newsletter
Get Started

Contact Support

1603 Capitol Avenue,
Suite 413A #2898,
Cheyenne, Wyoming 82001,
United States

Copyright AppSecEngineer © 2023