Reduce OSS Risks
Have you ever asked (or been asked) these questions about particular components when vulnerabilities have been reported: “Did we ever use that? Where is it?” If you answered yes, your next questions were probably something like: “How severe is the threat? How many places does it exist in production? Are we using it in development today? How quickly can we remediate the threat?”
Follow this learning path when you’re ready to generate a Software Bill of Materials (SBOM), immediately identify risks in new and existing components, flag violations, and receive recommendations to remediate risks.
Work your way to – and through – each milestone to reach the end of your path. We’ve compiled relevant resources hosted both here and elsewhere.
Ready to get started? Download the study guide. Complete the questions/discussion prompts as you make your way through each milestone. At the end of the learning path, you’ll earn a Certificate of Completion. Use the study guide to prepare for the Learning Path Assessment.
Why the Software Bill of Materials?
Why is the Software Bill of Materials, the inventory of the open source and third-party components we use to develop our software, so important?
Outcome: You’re armed with more information about a Software Bill of Materials, and why an SBOM is so important. Continue on to Milestone 2.
How to Generate a Software Bill of Materials?
How can you generate a software bill of materials? Sonatype offers a free, developer-friendly suite of tools to find and fix open source vulnerabilities. How can you use them today to start building security into your SDLC? Take a look at Milestone 2 and the study guide, and continue on the learning path.
Outcome: You’ve manually scanned your applications using the free tools available. That’s a great start into building security into your SDLC. You’ve manually generated a software bill of materials, and you’ve identified some vulnerabilities. You’re also aware of the limitations that come with using the free, manual tools. Move on to Milestone 3 to learn how to automate and overcome those limitations.
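To make this milestone concrete, here is an added example (not Sonatype's tooling and not code from this learning path) that builds a minimal CycloneDX-style SBOM from pinned Python requirements and then answers the questions at the top of the page, "did we ever use that, and where?", by checking every SBOM on file against an advisory list. The application names, package versions, advisory identifiers and `fixed_in` thresholds are all constructed for illustration; the version comparison is deliberately simplistic and is labelled as such.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample input: two applications, each with a pinned requirements
# file. Package names and versions are illustrative, not real advisories.
REQUIREMENTS = {
    "billing-api": "requests==2.25.1\nurllib3==1.26.4\n# tooling\npyyaml==5.3.1\n",
    "reporting-batch": "pyyaml==5.4.1\nrequests==2.25.1\n",
}

# Constructed advisory feed (assumption: a component is affected when its
# version is below the first fixed version). No real CVE identifiers are used.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "name": "pyyaml", "fixed_in": "5.4", "severity": "high"},
    {"id": "ADV-EXAMPLE-2", "name": "urllib3", "fixed_in": "1.26.5", "severity": "medium"},
]

PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)\s*$")


def parse_requirements(text: str) -> List[Tuple[str, str]]:
    """Return (name, version) for every pinned line. Unpinned lines are
    rejected: an SBOM must record the exact version that actually ships."""
    pins = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        m = PIN_RE.match(line)
        if not m:
            raise ValueError(f"unpinned requirement, cannot build SBOM: {line!r}")
        pins.append((m.group(1).lower(), m.group(2)))
    return pins


def build_sbom(app_name: str, requirements_text: str) -> Dict:
    """Build a minimal CycloneDX 1.4 JSON document. Only the fields needed for
    lookup are populated; a real generator also records hashes, licenses, etc."""
    components = [
        {"type": "library", "name": name, "version": version,
         "purl": f"pkg:pypi/{name}@{version}"}  # package URL identifies the component
        for name, version in parse_requirements(requirements_text)
    ]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "metadata": {"component": {"type": "application", "name": app_name}},
        "components": components,
    }


def version_key(v: str) -> Tuple[int, ...]:
    """Simplistic numeric comparison key (assumption: plain dotted versions).
    Real tooling should use the `packaging` library for PEP 440 edge cases."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def find_affected(sboms: List[Dict], advisories: List[Dict]) -> List[Dict]:
    """Answer 'did we use it, and where?' across every SBOM on file."""
    hits = []
    for bom in sboms:
        app = bom["metadata"]["component"]["name"]
        for comp in bom["components"]:
            for adv in advisories:
                if comp["name"] != adv["name"]:
                    continue
                if version_key(comp["version"]) < version_key(adv["fixed_in"]):
                    hits.append({
                        "advisory": adv["id"], "severity": adv["severity"],
                        "application": app, "purl": comp["purl"],
                        "fixed_in": adv["fixed_in"],
                    })
    return sorted(hits, key=lambda h: (h["advisory"], h["application"]))


def main() -> None:
    sboms = [build_sbom(app, req) for app, req in REQUIREMENTS.items()]
    for hit in find_affected(sboms, ADVISORIES):
        print(json.dumps(hit))


if __name__ == "__main__":
    main()
```

Running it reports two hits, both in `billing-api` (pyyaml 5.3.1 and urllib3 1.26.4); `reporting-batch` is clean because its pyyaml is already at 5.4.1. The useful point is that the lookup runs against stored SBOMs, so a new advisory can be answered without rescanning every build, which is exactly the gap the manual, one-off scans of this milestone leave open.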
Explore the Nexus Platform
In this final milestone of your learning path, explore the Nexus platform. When you’re ready for precise data and remediation advice from the experts, delivered through an automated process, check out the Nexus Platform.
Outcome: Nice work. You’ve reviewed the Nexus platform. You know how Sonatype provides very precise data and remediation advice from the experts and automates this process across all stages of your SDLC. You’re prepared to take the next step in building automated security into your projects.
You made it!
You made it to the end of the learning path. Take the assessment to earn your Certificate of Completion.
Your Feedback Matters!
Take a moment or two to let us know what you thought of this learning path!