SAST, DAST and IAST Are Not Enough (to Cover Your Ass)
SAST, DAST and IAST find bugs in the code you write, including previously unknown (zero-day) vulnerabilities; SCA adds a first look at the open source components you pull in. They all have a place, but most of these tools do not scan open source components beyond the first dependency layer, if they scan open source components at all, which leaves the transitive dependencies beneath that layer unexamined.
Unfortunately, the reality of the last five years is that open source packages are being heavily targeted by malicious actors using new tools and tactics. These new attack vectors call for new approaches, tools and controls. It’s time to make open source supply chain security mission-critical.
In this webinar, our experts discuss the steps organizations can take to go from zero visibility to world-class supply chain security in practice. We cover:
- The “two-stage compromise” nature of software supply chain attacks
- Common issues with relying on public open source repositories
- The SLSA framework as an actionable reference for best practice implementation
- How our customers are addressing the gaps in traditional AppSec and in the NIST Secure Software Development Framework (SSDF)
- Live demo of securing the supply chain for a Python project using the ActiveState Platform
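As an added example that is not part of the webinar and not code from the ActiveState Platform, the following Python script shows the first-dependency-layer problem in concrete terms and the kind of check a Python project needs: it walks a dependency graph for `requests`, compares the transitive closure against a hash-pinned lockfile in the format `pip-compile --generate-hashes` emits, and verifies an artifact's SHA-256 against the pin, which is the check pip performs in `--require-hashes` mode. The dependency graph, lockfile versions and artifact bytes are all constructed for the example and are not real PyPI metadata or digests.

```python
import hashlib
import re
from collections import deque

# Constructed stand-ins for downloaded wheels (not real PyPI artifacts).
ARTIFACTS = {
    "requests": b"constructed requests wheel bytes",
    "urllib3": b"constructed urllib3 wheel bytes",
    "certifi": b"constructed certifi wheel bytes",
}

# Constructed dependency graph: what each package pulls in (assumed, not
# fetched from PyPI). Only 'requests' is declared by the project itself.
DEP_GRAPH = {
    "requests": ["urllib3", "charset-normalizer", "certifi", "idna"],
    "urllib3": [],
    "charset-normalizer": [],
    "certifi": [],
    "idna": [],
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed lockfile in the style of `pip-compile --generate-hashes`.
# Deliberate gaps: 'idna' is pinned but has no hash, and
# 'charset-normalizer' (a second-layer dependency) is missing entirely.
LOCKFILE = f"""
requests==2.31.0 \\
    --hash=sha256:{sha256_hex(ARTIFACTS['requests'])}
urllib3==2.0.7 \\
    --hash=sha256:{sha256_hex(ARTIFACTS['urllib3'])}
    # via requests
certifi==2023.7.22 \\
    --hash=sha256:{sha256_hex(ARTIFACTS['certifi'])}
    # via requests
idna==3.4
    # via requests
"""


def normalize(name: str) -> str:
    """PEP 503 name normalization so 'Charset_Normalizer' == 'charset-normalizer'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_lockfile(text: str) -> dict:
    """Return {name: {"version": str, "hashes": set of 'sha256:<hex>'}}."""
    pins = {}
    # Join backslash-continued lines so each requirement is one logical line.
    logical = text.replace("\\\n", " ")
    for line in logical.splitlines():
        line = line.split("#", 1)[0].strip()  # drop '# via ...' comments
        if not line:
            continue
        parts = line.split()
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)$", parts[0])
        if not m:
            raise ValueError(f"unsupported requirement line: {line!r}")
        hashes = {p[len("--hash="):] for p in parts[1:] if p.startswith("--hash=")}
        pins[normalize(m.group(1))] = {"version": m.group(2), "hashes": hashes}
    return pins


def transitive_closure(roots, graph) -> set:
    """Every package reachable from the declared roots, at any depth."""
    seen, queue = set(), deque(normalize(r) for r in roots)
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(normalize(d) for d in graph.get(pkg, []))
    return seen


def audit(roots, graph, lock_text: str) -> dict:
    """Report packages in the full closure that the lockfile fails to cover."""
    pins = parse_lockfile(lock_text)
    needed = transitive_closure(roots, graph)
    return {
        "unpinned": sorted(p for p in needed if p not in pins),
        "unhashed": sorted(p for p in needed if p in pins and not pins[p]["hashes"]),
    }


def verify_artifact(name: str, data: bytes, lock_text: str) -> bool:
    """Accept an artifact only if its SHA-256 matches a pinned hash.

    A pin without hashes is a refusal, mirroring pip's hash-checking mode.
    """
    pin = parse_lockfile(lock_text).get(normalize(name))
    if pin is None or not pin["hashes"]:
        return False
    return f"sha256:{sha256_hex(data)}" in pin["hashes"]


if __name__ == "__main__":
    print(audit(["requests"], DEP_GRAPH, LOCKFILE))
    print(verify_artifact("requests", ARTIFACTS["requests"], LOCKFILE))
    print(verify_artifact("requests", b"tampered bytes", LOCKFILE))
```

The audit reports `charset-normalizer` as unpinned and `idna` as unhashed: both sit one layer below the only package the project declared, which is exactly where a first-layer-only scan stops looking. In a real project, `pip install --require-hashes -r requirements.txt` performs the artifact check for every package in the file and refuses to install anything that is not pinned with a hash, so closing those two gaps in the lockfile is the prerequisite for the control to mean anything.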
Download this eBook to discover the 5 step journey you’ll need to take to achieve true software supply chain security.
ActiveState’s Software Attestation Early Access Program provides a hands-on introduction on how to work with Attestations. See how.