Software supply chain security has never been more critical, and protecting our systems from bad actors and vulnerabilities remains a constant challenge. In the Java ecosystem, the severe vulnerabilities affecting the widely used Log4j 2 library made it even more evident that we must have a strategy to protect our systems.
This hands-on workshop will guide you in securing the supply chain for your Spring Boot applications. It will cover a range of techniques, patterns, and technologies for secure dependency management, source code integrity, safe builds, vulnerability scanning of Java source code and images, signing and verifying production artifacts, and implementing patching strategies.
Familiarity with Java and core Spring Boot.
Laptop with a Java IDE and Docker Desktop/Podman Desktop installed.
A GitHub personal account.