AzureFunBytes Episode 58 – Improve your Open Source Security with @WhiteSourceSoft

Jay

AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It’s a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific on Microsoft LearnTV and learn more about Azure.

AzureFunBytes animation

One of my favorite parts of doing this show is meeting people across the world who want to help others have a safe and secure experience on Azure. I’ve done my best to find guests in the last few weeks that really drill down the importance of “shifting left” while developing software. This is an effort that should start at your planning process and involve everyone from your developers, product managers, and ops.

This week is no different as we talk about securing open source management workflows. As developers progress along the software delivery lifecycle there’s a need to ensure that security scans can be automated. By implementing products like WhiteSource you can automatically detect, prioritize, and remediate your open source security vulnerabilities.

On this episode of AzureFunBytes, Rhys Arkins and Lena Kleyner of WhiteSource Software are here to introduce us to WhiteSource’s security and licensing capabilities for Azure DevOps!

00:00:00 – Opening
00:06:29 – Let’s meet Lena and Rhys
00:18:30 – Detection, Prioritization, Remediation
00:26:45 – Open source Security
00:34:42 – Demoing WhiteSource and Azure DevOps
00:42:12 – Open source risk report
00:50:20 – Free plugin
00:53:03 – Diffend

Our agenda includes:

  • Rhys & Lena’s roles at WhiteSource
  • Software Composition Analysis (SCA) importance
  • SCA in the SDLC, including AZDO
  • Pipeline plugin for scanning
  • UI for security and compliance reports
  • Renovate tool for Dependency automation
  • Diffend service for Supply Chain security
  • Future Azure repos integrations

About Rhys Arkins:

Rhys Arkins is the Director of Product Management at WhiteSource responsible for developer tooling and supply chain security. He joined WhiteSource in 2019 through the acquisition of his startup “Renovate Bot”, which he continues to take a leading role on. Rhys is a big believer in automation in the SDLC as a way to produce better, quicker, more consistent outcomes.

About Lena Kleyner:

Lena Kleyner is a Product Manager at WhiteSource with a vast technical background. With more than 10 years as a software developer, she is leading WhiteSource’s integrations and scanning agents. Lena specifically enjoys connecting between customers’ needs and the proper technical solutions.


Learn about Azure fundamentals with me!

Live stream is normally found on Twitch, YouTube, and LearnTV at 11 AM PT / 2 PM ET Thursday. You can also find the recordings here as well:

AzureFunBytes on Twitch
AzureFunBytes on YouTube
Azure DevOps YouTube Channel
Follow AzureFunBytes on Twitter

Useful Docs:

Get $200 in free Azure Credit
Microsoft Learn: Introduction to Azure fundamentals
WhiteSource Software
WhiteSource for Azure DevOps Services
WhiteSource Bolt
Renovate Bot open source
Renovate Me community pipeline
WhiteSource Diffend
WhiteSource Essentials
WhiteSource streamlines application delivery and development with Microsoft Azure and Azure Kubernetes Service
Microsoft Security Engineer certification path
Enable DevSecOps with Azure and GitHub

0 comments

Leave a comment