, 2021 ·

Workshops

What App Developers Need to Know About Secure Software Supply Chain

(90 min)

With the advent of continuous delivery and DevSecOps, app developers need to be active participants in security during the early stages of software development and delivery. The stakes are high. One in ten component downloads has known vulnerabilities, and on average, there are 38 known OSS vulnerabilities in every application (Source: 2020 State of The Software Supply Chain). These are manageable risks that developers can and should play an active part in influencing and even remediating, because the ability to deliver user value will always hinge on being able to iterate quickly in production.

Robust automation and tooling enables app developers to contribute quality code and maintain a strong security posture, though it’s not always an easy journey. This interactive, instructor-led workshop focuses on practical guidance for security best practices and tools (including Spring Security modules, VMware Tanzu App Catalog, and VMware Tanzu Build Service) that application developers can use to “shift left” and commit quality code to production with confidence.

During this workshop, experts from VMware Tanzu Labs will use a Spring Boot application to walk through how application developers can deliver some of the most critical outcomes in a secure software supply chain for their organization, including topics such as commit validation and dependency management. We’ll use a Spring Boot application and the principles demonstrated can be applied to other frameworks as well. This course incorporates real-world use cases and lessons learned while helping some of the world’s best-known enterprises and government organizations achieve authority to operate (ATO), automated compliance, and consistent security postures in the most strictly regulated industries.


Prerequisites

  • GitHub account

Requirements