Securing the software supply chain | Marek Najmajer & Aleksander Baranowski | Conf42 DevSecOps 2023
Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Marek_Najmajer_Aleksander_Baranowski_beyond_sbom_risk_assessment
Other sessions at this event ➤ https://www.conf42.com/devsecops2023
Join Discord ➤ https://discord.gg/DnyHgrC7jC

Chapters
0:00 Intro
1:43 Preamble
2:03 Agenda
2:59 Marek and Aleksander
3:37 Risk model
5:49 Fundamentals
7:15 Whys and whats of software composition analysis
8:36 Risks: what if we don't?
9:35 Software composition analysis - risk management (SCARM)
12:01 Contributor profile
16:29 Project activity = project dynamics
19:56 Code quality
22:27 Vulnerabilities (CVE dynamics)
26:37 How to plug it into the software deployment pipeline?
28:57 Production pipeline
30:09 DevSecOps by Linux Polska
30:48 How to make it happen? Just start...
32:33 New web service platform...
34:31 Streamline your security assessments
35:45 Sourcemotion
35:54 Thank you, contact us!