SBOMs and Software Vulnerabilities: Leveraging SCA for Software Supply Chain Security
nexB co-founder and CEO Michael Herzog will discuss the various SBOM specifications and approaches to SCA for analyzing software vulnerabilities and licenses. He will also explain how ScanCode, VulnerableCode, and DejaCode fit together to provide a multi-faceted platform to manage software supply chain risks.
Standardizing FOSS package identifiers using Package-URL
Join this webinar to learn more about why PURL is becoming the de facto standard for the Software Composition Analysis community.
Deep dive into VulnerableCode v31
With our latest release, we’ve made many improvements to help you find FOSS vulnerabilities and improve overall FOSS security. In this webinar, nexB co-founder and CTO Philippe Ombredanne will demonstrate how to best use this new FOSS tool to automate the search for FOSS security vulnerabilities.
Technical deep dive into VulnTotal
Inspired by the VirusTotal multi-scanner virus scanning service, the VulnTotal project cross-validates the vulnerability coverage of VulnerableCode against other publicly available vulnerability check tools and databases. For instance, a package may be reported as vulnerable by one tool or database but not by another. We can gradually work with these tool providers to keep each other apprised about newly discovered vulnerabilities, making FOSS more secure.
Join this webinar with the Linux Foundation’s OpenChain Project to learn more about VulnTotal and VulnerableCode.