{"id":43734,"date":"2021-10-28T00:00:00","date_gmt":"2021-10-28T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/j\/visibility-into-open-source-code.html"},"modified":"2021-10-28T00:00:00","modified_gmt":"2021-10-28T00:00:00","slug":"workshop-visibility-into-open-source-code","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/workshop-visibility-into-open-source-code\/","title":{"rendered":"Workshop: Visibility Into Open Source Code"},"content":{"rendered":"

<\/p>\n

\"TrendMicro\"<\/p>\n

Trend Micro Cloud One\u2122 – Open Source Security by Snyk<\/h2>\n

In this workshop, you\u2019ll learn how to leverage Trend Micro Cloud One – Open Source Security by Snyk<\/strong> with your code repositories and CI\/CD pipelines to scan projects. This empowers security teams with better visibility, tracking, and early awareness into open source issues for more relevant insights and risk management.<\/p>\n

\n

Workshop structure Agenda<\/h2>\n

The workshop is divided into the sections listed below. Plan for around 2 hours to complete the full workshop.<\/p>\n

<\/i><\/span> 1. Introduction (10 minutes)<\/b><\/p>\n

<\/i><\/span> 2. Identify integration points, and connect to a GitHub sample repo to test for open source risks (30 minutes)<\/b><\/p>\n

<\/i><\/span> 3. Understand how to evaluate and monitor key findings and use the in-solution knowledge base (30 minutes)<\/b><\/p>\n

<\/i><\/span> 4. Gain an understanding of direct and indirect dependency mapping (30 minutes)<\/b><\/p>\n

<\/i><\/span> 5. Report and manage key findings for open source issues (15 minutes)<\/b><\/p>\n

<\/i><\/span> 8. Conclusion (5 minutes)<\/b><\/p>\n

<\/i><\/span> 9. Cleanup (5 minutes)<\/b><\/p>\n

<\/i><\/span> 10. Survey (5 minutes)<\/b><\/p>\n

\n

Learning Objectives<\/h2>\n