Scan open source components for vulnerabilities and license ratings in Azure Pipelines

Intermediate | DevOps Engineer, Administrator, Developer, Solution Architect | Azure DevOps

Scan open-source components for security vulnerabilities and assess their license ratings when your application builds in Azure Pipelines.

Learning objectives

In this module, you will:

  • Learn which tools you can use to inspect open-source software packages for security and license ratings
  • Access package and license ratings for open-source components by using WhiteSource Bolt
  • Analyze the results of the scan so you can take the appropriate action

Prerequisites

  • An Azure DevOps organization
  • Visual Studio Code
  • .NET Core 3.1
  • Git
  • A GitHub account