Workshop: Visibility Into Open Source Code

TrendMicro

Trend Micro Cloud One™ – Open Source Security by Snyk

In this workshop, you’ll learn how to leverage Trend Micro Cloud One – Open Source Security by Snyk with your code repositories and CI/CD pipelines to scan projects. This empowers security teams with better visibility, tracking, and early awareness into open source issues for more relevant insights and risk management.


Workshop structure Agenda

The workshop is divided into the sections listed below. Plan for around 2 hours to complete the full workshop.

1. Introduction (10 minutes)

2. Identify integration points, and connect to a GitHub sample repo to test for open source risks (30 minutes)

3. Understand how to evaluate and monitor key findings and use the in-solution knowledge base (30 minutes)

4. Gain an understanding of direct and indirect dependency mapping (30 minutes)

5. Report and manage key findings for open source issues (15 minutes)

8. Conclusion (5 minutes)

9. Cleanup (5 minutes)

10. Survey (5 minutes)


Learning Objectives

  • Open source = good, vulnerabilities = bad. Learn about application open source risks
  • Understand the importance of visibility into open source dependencies
  • Learn how to easily test your own repositories for open source issues
  • Generate a Bill of Materials and monitor projects over time
  • Surface open source license risks that may pose legal or compliance issues

Who should attend?

  • Cloud Security Engineer
  • DevSecOps Engineer
  • SecOps Engineers
  • Information Security
  • Risk Application Manager
  • Application Security
  • Anyone interested in open source security and license management visibility across multiple application projects

Background knowledge for the workshop

  • Basic knowledge on GitHub
  • Basic security knowledge

Additional help

For any additional help please reach out to:

  • Fernando Cardoso | Email: fernando_cardoso@trendmicro.com
  • Felipe Costa | Email: felipe_costa@trendmicro.com

Talk to us
Report an issue or feature request

Built with by Trend Micro


Before we dive in, let’s go through a refresher on the core concepts explored in this workshop.

Read More HERE