COSCUP 2024

Let's tackle open-source supply chain issues with open source
2024-08-04, 15:25–15:55 (Asia/Taipei), TR514

Open-source supply chain security has attracted considerable attention, and with it a focus on managing software dependencies and vulnerabilities with an SBOM (Software Bill of Materials). In this talk, he will discuss how to create an SBOM from software dependencies using Dependency-Track, an open-source tool developed primarily by OWASP, and CycloneDX, an SBOM format, to visualize vulnerabilities in the software being developed.



In this talk, he will demonstrate how to use OWASP Dependency-Track (https://github.com/DependencyTrack/dependency-track) and showcase the process of creating a CycloneDX-formatted SBOM from Ruby on Rails gem dependencies for use within the platform.
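As an added illustration of the workflow the talk describes (this is example code, not the speaker's material or a Dependency-Track component), the following Ruby script reads the resolved gems from a constructed Gemfile.lock and emits a minimal CycloneDX 1.5 JSON BOM with `pkg:gem/<name>@<version>` package URLs, which is the identifier Dependency-Track uses to match components against vulnerability data. The project name and version are placeholders.

```ruby
require "json"
require "securerandom"

# Constructed sample Gemfile.lock (not from the talk). In the GEM "specs:" block,
# 4-space entries are resolved gems with pinned versions; 6-space entries are the
# version requirements those gems declare on other gems.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.1.3)
        activesupport (= 7.1.3)
      activesupport (7.1.3)
        concurrent-ruby (~> 1.0, >= 1.0.2)
      concurrent-ruby (1.2.3)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails
LOCK

# Return [name, version] pairs for every resolved gem in the specs block.
def parse_gemfile_lock(text)
  in_specs = false
  gems = []
  text.each_line do |raw|
    line = raw.chomp
    if line.start_with?("  specs:")
      in_specs = true
      next
    end
    in_specs = false if line.empty? || line.match?(/\A\S/) # blank line or new section
    next unless in_specs
    # Exactly four leading spaces: a resolved gem. Platform-specific versions
    # (e.g. "1.2.3-x86_64-linux") are kept verbatim.
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      gems << [m[1], m[2]]
    end
  end
  gems
end

# Build a minimal CycloneDX 1.5 BOM; Dependency-Track matches components by purl.
def cyclonedx_bom(gems, project_name, project_version)
  {
    "bomFormat" => "CycloneDX",
    "specVersion" => "1.5",
    "serialNumber" => "urn:uuid:#{SecureRandom.uuid}",
    "version" => 1,
    "metadata" => { "component" => { "type" => "application",
                                     "name" => project_name, "version" => project_version } },
    "components" => gems.map do |name, version|
      { "type" => "library", "name" => name, "version" => version,
        "purl" => "pkg:gem/#{name}@#{version}" }
    end
  }
end

puts JSON.pretty_generate(cyclonedx_bom(parse_gemfile_lock(SAMPLE_LOCK), "myapp", "1.0.0"))
```

The resulting JSON is what gets submitted to Dependency-Track's BOM upload API (`/api/v1/bom`, an endpoint name taken from the project's documentation rather than from this page), after which the platform resolves each purl against its vulnerability sources.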

Naruhiko Ogasawara is a security engineer in Japan. His expertise lies in vulnerability detection through source code static analysis for applications. He is also an avid enthusiast of desktop OSS, favoring LibreOffice and Ubuntu. He is a watcher of Linux printing technology. He is a former member of The Document Foundation and OpenPrinting Japan.
