Inspecting Open Source Software Packages for Security and License Compliance

This course will teach you about the inherent risks with leveraging open source libraries and components in your solutions, and how you can mitigate those risks using a software composition analysis tool, called WhiteSource Bolt, to scan your code.

Modern software is composed of many open source components, that are used to speed development and provide complex functionality you would normally need to write yourself. But with that convenience, there come some risks. In this course, Inspecting Open Source Software Packages for Security and License Compliance, you will learn the different types of risks involved with open source software, and how you can manage those risks by using a tool called WhiteSource Bolt. First, you will explore the licenses that come with open source libraries and components. Next, you will learn the inherent risks that come with leveraging open source libraries in your projects. Then, you will understand more about a class of tools, called software composition analysis tools, that can help you migrate those risks. Finally, you will discover a free tool called WhiteSource Bolt that you can integrate into your Azure DevOps pipeline builds, to analyze the open source components in your project. By the end of this course, you will be more confident in managing open source libraries, and better able to respond to threats to those components.