Automating the software supply chain to reduce application security risks

DevSecOps specialist group event.

The phrase “software supply chain” is relatively new, coined around 2014 as a result of a growing awareness of the role of open-source components in the Software Development Life-Cycle (SDLC).

Sonatype was one of the first organisations to adopt the phrase, along with its natural extension, “software supply chain management.” Much in the same way as a car manufacturer needs to source, track and monitor the quality of components used in the manufacture of a motor vehicle, anyone in the software industry should understand the same. Organisations involved in software development need to understand how to enable their teams to develop at scale and speed, without compromising quality, security or governance.

DevSecOps experts from Sonatype will explain the challenges of the “software supply chain” and demonstrate how modern developer-friendly technology such as their open-source and licensed products can help reduce security risks and improve productivity.

By attending this event you will be able to see how DevSecOps tools and processes can support developers and so eliminate the friction and risks associated with performing manual checks. This talk is relevant to application developers, security professionals and anyone learning, implementing or supporting DevOps/DevSecOps automation technologies.

Sonatype’s software supply chain management platform helps more than 2,000 organizations and 15 million software developers simultaneously accelerate innovation and improve application security. Sonatype’s machine learning engine (Nexus Intelligence) has analysed more than 100 million open source components which can be used to help developers make better decisions.

Sonatype have a range of open-source and free tools available that are ideal for learning as well as providing some useful foundational capabilities to development teams.

About the speakers

Steve Garry, Joseph Bernie, Nick Coombs, DevSecOps Advocates, Sonatype

With a wealth of knowledge across the Application Development sector, Nick, Joseph and Steve combined have in excess of 50 years’ experience of working alongside the largest corporations in both the private and public sectors, delivering invaluable expertise and efficiencies to those organisations without compromising quality, security or compliance.

In this session we would like to share some of those experiences and provide guidance as to how they may apply to your organisation, whether you are new to DevSecOps or looking to improve on an already proven process.

Our events are for adults aged 16 years and over.

BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us make IT good for society. Join BCS today. Enjoy a 20% BCS Discount on membership using BCSDEVSO20.

For overseas delegates who wish to attend the event, please note that BCS does not issue invitation letters.

BCS is following government guidelines and we would ask attendees to continue to also follow these guidelines. Please go to https://www.nhs.uk/conditions/coronavirus-covid-19/ for more information, advice, and instructions.

This event is brought to you by: BCS DevSecOps specialist group

Automating the software supply chain to reduce application security risks
Date and time
Monday 17 October, 6:30pm - 8:00pm
BCS, The Chartered Institute for IT
25 Copthall Ave
This event is sold out