AzureFunBytes Episode 58 – Improve your Open Source Security with @WhiteSourceSoft
AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It’s a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific on Microsoft LearnTV and learn more about Azure.
One of my favorite parts of doing this show is meeting people across the world who want to help others have a safe and secure experience on Azure. I’ve done my best to find guests in the last few weeks that really drill down on the importance of “shifting left” while developing software. This is an effort that should start at your planning process and involve everyone, from your developers and product managers to ops.
This week is no different as we talk about securing open source management workflows. As developers progress along the software delivery lifecycle, there’s a need to ensure that security scans can be automated. By implementing products like WhiteSource, you can automatically detect, prioritize, and remediate your open source security vulnerabilities.
00:00:00 – Opening
00:06:29 – Let’s meet Lena and Rhys
00:18:30 – Detection, Prioritization, Remediation
00:26:45 – Open source Security
00:34:42 – Demoing WhiteSource and Azure DevOps
00:42:12 – Open source risk report
00:50:20 – Free plugin
00:53:03 – Diffend
Our agenda includes:
- Rhys & Lena’s roles at WhiteSource
- Software Composition Analysis (SCA) importance
- SCA in the SDLC, including AZDO
- Pipeline plugin for scanning
- UI for security and compliance reports
- Renovate tool for Dependency automation
- Diffend service for Supply Chain security
- Future Azure repos integrations
About Rhys Arkins:
Rhys Arkins is the Director of Product Management at WhiteSource, responsible for developer tooling and supply chain security. He joined WhiteSource in 2019 through the acquisition of his startup “Renovate Bot”, in which he continues to take a leading role. Rhys is a big believer in automation in the SDLC as a way to produce better, quicker, more consistent outcomes.
About Lena Kleyner:
Lena Kleyner is a Product Manager at WhiteSource with a vast technical background. With more than 10 years as a software developer, she is leading WhiteSource’s integrations and scanning agents. Lena specifically enjoys connecting customers’ needs with the proper technical solutions.
Learn about Azure fundamentals with me!
The live stream is normally found on Twitch, YouTube, and LearnTV at 11 AM PT / 2 PM ET on Thursdays. You can also find the recordings here:
Get $200 in free Azure Credit
Microsoft Learn: Introduction to Azure fundamentals
WhiteSource for Azure DevOps Services
Renovate Bot open source
Renovate Me community pipeline
WhiteSource streamlines application delivery and development with Microsoft Azure and Azure Kubernetes Service
Microsoft Security Engineer certification path
Enable DevSecOps with Azure and GitHub