SCA: Your First Step Toward Supply Chain Security

Presented by

WhiteSource Director of Product Rhys Arkins and guest Sandy Carielli, principal analyst, Forrester

About this talk

Over the past year, breaches like SolarWinds and Kaseya have made it impossible to ignore the threat of software supply chain attacks. Whether by infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or targeting existing vulnerabilities in open source components, attackers are exploiting blind spots in supply chain controls to compromise organizations and their customers. Protecting the software supply chain is a complex challenge that spans code signing, identity and access management, policy, and software composition analysis (SCA). In this session, WhiteSource Director of Product Rhys Arkins and guest Sandy Carielli, principal analyst, Forrester, discuss why SCA is crucial to achieving supply chain security, and why the growing threat of malicious packages has forced a shift from the traditional “scan and report” SCA approach (find known vulnerabilities in what is already installed and file them) to a “prevent and defend” supply chain security strategy (block risky or malicious components before they enter the build). Carielli presents Forrester’s perspective, and the session reviews the different types of supply chain threats and their effects.
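To make the “scan and report” versus “prevent and defend” distinction concrete, here is an added example that is not code from the talk, from Forrester, or from WhiteSource’s product. It reads a constructed npm lockfile, checks each installed package against a hypothetical advisory feed (IDs such as DEMO-2021-0001 are made up, not real CVEs) and a hypothetical denylist of malicious packages (a typosquat of one package and a single hijacked release of another), and then shows the two postures side by side: one function only lists findings, the other acts as a policy gate that refuses the install or build. Note that nested copies of the same package (the `demo-stream/node_modules/pad-helper` path) are kept as separate entries, because flattening them by name would hide the vulnerable copy behind the patched one.

```python
import json
import re

# Constructed advisory feed: hypothetical IDs and package names, not real CVEs.
# "fixed_in" means every earlier version is affected.
ADVISORIES = [
    {"id": "DEMO-2021-0001", "package": "example-utils", "fixed_in": "4.17.21", "severity": "high"},
    {"id": "DEMO-2021-0002", "package": "pad-helper", "fixed_in": "1.3.1", "severity": "low"},
]

# Constructed denylist of malicious packages (hypothetical names):
# a typosquat of example-utils (any version) and one hijacked release of demo-stream.
MALICIOUS = {
    ("exmaple-utils", None),
    ("demo-stream", "3.3.6"),
}

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed npm lockfile (lockfileVersion 2 shape), not from any real project.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/example-utils": {"version": "4.17.15"},
        "node_modules/pad-helper": {"version": "1.3.0"},
        "node_modules/exmaple-utils": {"version": "1.0.0"},
        "node_modules/demo-stream": {"version": "3.3.6"},
        # nested, already-patched copy; must not mask the vulnerable top-level one
        "node_modules/demo-stream/node_modules/pad-helper": {"version": "1.3.1"},
    },
})


def parse_version(v):
    """Turn '4.17.15' into (4, 17, 15) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", v)[:3]) or (0,)


def parse_lockfile(text):
    """List every installed package from the 'packages' map of a v2 lockfile.

    Each entry keeps its full path, so nested duplicates are reported separately.
    """
    lock = json.loads(text)
    deps = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":          # root project entry, not a dependency
            continue
        name = path.split("node_modules/")[-1]
        deps.append({"path": path, "name": name, "version": meta["version"]})
    return deps


def find_vulnerabilities(deps):
    """Known-vulnerable versions: classic SCA matching against an advisory feed."""
    findings = []
    for adv in ADVISORIES:
        for d in deps:
            if d["name"] == adv["package"] and parse_version(d["version"]) < parse_version(adv["fixed_in"]):
                findings.append({"kind": "vulnerability", "id": adv["id"], "severity": adv["severity"],
                                 "package": d["name"], "version": d["version"], "path": d["path"]})
    return findings


def find_malicious(deps):
    """Deliberately malicious packages: matched by name, or by name plus hijacked version."""
    findings = []
    for name, bad_version in MALICIOUS:
        for d in deps:
            if d["name"] == name and (bad_version is None or d["version"] == bad_version):
                findings.append({"kind": "malicious", "id": None, "severity": "critical",
                                 "package": d["name"], "version": d["version"], "path": d["path"]})
    return findings


def scan_and_report(deps):
    """Traditional SCA posture: enumerate every finding, block nothing."""
    return find_vulnerabilities(deps) + find_malicious(deps)


def prevent_and_defend(deps, policy):
    """Gate posture for a pre-install or CI step: returns (allowed, blocking_findings).

    Malicious packages always block; vulnerabilities block at or above policy['block_at'].
    """
    threshold = SEVERITY_RANK[policy["block_at"]]
    blocking = [f for f in scan_and_report(deps)
                if f["kind"] == "malicious" or SEVERITY_RANK[f["severity"]] >= threshold]
    return (len(blocking) == 0, blocking)


if __name__ == "__main__":
    deps = parse_lockfile(SAMPLE_LOCK)
    for f in scan_and_report(deps):
        print("REPORT", f["kind"], f["package"], f["version"], f["severity"], f["path"])
    allowed, blocking = prevent_and_defend(deps, {"block_at": "high"})
    print("install allowed:", allowed, "- blocked by", len(blocking), "finding(s)")
```

The gate is the whole difference: `scan_and_report` produces the same four findings either way, but only `prevent_and_defend` turns them into a decision a package manager hook or CI job can act on before the code runs. In practice the advisory feed and denylist come from an SCA vendor or registry, the severity threshold is the organization’s policy, and the gate should fail closed if the feed cannot be reached.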


WhiteSource allows engineering, security and compliance officers to secure and manage the use of open source components in their software, letting developers focus on building great products. WhiteSource automates the open source management process end to end: component detection; security vulnerability alerts and fixes; license risk and compliance analysis with policy enforcement; quality review; and new version alerts. It offers a complete suite of control, reporting and management features to help software teams manage open source with minimal effort. For more information about WhiteSource, visit or follow us on Twitter: @whitesourcesoft