Understanding our supply chain means understanding all the components that make it. But this is harder than it appears. Open-source components make up 80 - 90% of our application's source code, but we must also remember that our open-source components are also made from open-source components, it's like supply chain inception.

SCA or Software Composition Analysis is a security tool that looks at your entire supply chain and outlines vulnerabilities, including transitive or downstream dependencies.

In this video, we discuss real-world implications of supply chain risk and break down how an SCA tool fits into your security position.

Introduction 0:00
Risks of dependencies 0:20
Log4J Example 2:25
UA Parsjer Example 3:15
Event-stream example 4:01
SCA tools 4:40
SBOM 6:25