We will talk about how you can secure your packages and feeds and check security requirements on the packages used in developing your software solutions. Also we will cover how to make sure the packages used are compliant to the standard and requirements that exist in your organization from a licensing and security vulnerability perspective.

1. Manage Artifact
Versioning, Security
and Compliance

2. HELLO!
I am EngTeongCheah
Microsoft MVP
You can find me at @walkercet
2

3. Package Security
3
1

4. Package Feeds
▰ Trusted source of packages
▰ Secured for access by authorized accounts
4

5. Package compliance
▰ Governmental
▰ Certification
▰ Standards Institute
5

6. Securing access to packagefeeds
▰ Restricted access for consumption
▰ Restricted access for publishing
6

7. Roles
▰ Reader
▰ Collaborator
▰ Contributor
▰ Stable parts
▰ Owner
7

8. Permission
8

9. Credentials
▰ Authentication is required for Azure Artifacts
▰ Transparently taken care of when logged into
portal or in build task
▰ External package sources may required
credentials
9

10. Open Source Software
10
2

11. Open-source Software
Open-source software (OSS) is a type of
computer software in which source code is
released under a license in which the copyright
holder grants users the right to study, change,
and distribute the software to anyone and for any
purpose.
11

12. Challengeto corporates
▰ Be of low quality
▰ Have no active maintenance
▰ Contain malicious code
▰ Have security vulnerabilities
▰ Have unfavourable licensing restrictions
12

13. Licenses and vulneabilities
▰ Discriminate against persons or groups
▰ Be specific to a product
▰ Restrict other software
13

14. License implications and rating
14
▰ Compliancy
▰ Intellectual property
▰ Exclusive rights

15. Demo
15
2
Manage Open Source Security and
License with WhiteSource

16. 17
THANKS!
Anyquestions?
You can find me at
@walkercet

17. CREDITS
▰ MicrosoftDocs
18