Demonstration of FASTEN Dependency Management tools on top of Maven, FASTEN virtual workshop, April 8, 2021

•

0 likes•15 views

The final goal of the FASTEN project is to be able to perform a more sophisticated analysis of security-vulnerability propagation, licensing compliance, and dependency risk profiles by relying on the call-level dependency network of the whole software ecosystem. In this talk, we will present some first results of the project and demonstrates how FASTEN works on top of Java/Maven ecosystem.

Technology

Current Solutions
Call Dependency
Networks (CDNs)

Data streams
Package repositories
Vulnerability information
FASTEN server
Call graph generators
Analysis layer
Security Change impact
Compliance Quality and Risk
Storage layer
REST
API
Web
UI
Continuous
Integration
servers

my-app
my-lib
sayHello(true)
3.0.0
my-other-lib
proxy()
1.0.0
sayHello()
3.0.0
sayHello(true)
sayHello()

my-app
my-lib
sayHello(“John”)
4.0.0
my-other-lib
proxy()
1.0.0
sayHello()
3.0.0
sayHello(boolean)
sayHello()
sayHello(String)

https://www.fasten-project.eu/
https://github.com/fasten-project
https://twitter.com/fastenproject
The FASTEN project has received funding from the European Union’s Horizon 2020 research
and innovation programme under grant agreement No 825328.
Questions?

Marios Chatziangelou presents the EGI applications database | OSFair2017 Workshop Workshop overview: This collaborative workshop comes in the context of coordinating EOSC related activities across large European infrastructures at European and national level. The workshop will offer an opportunity for cross-pollination on issues ranging from open scholarship to technical service provision, training, community engagement and support. OpenAIRE NOADs, EGI NGIs, GEANT NRENs and other national e-Infrastructure representatives will discuss gaps, synergies, coordination and service integration opportunities. DAY 3 - PARALLEL SESSION 6 & 7

Ethical Hacking

Mazenetsolution

As cyber attacks increase, so does the demand for information security professionals who possess true network penetration testing, Web Application Security and ethical hacking skills. There are several ethical hacking courses that claim to teach these skills, but few actually do. EC Council's Certified Ethical Hacker (CEH V8) course truly prepares you to conduct successful penetration testing and ethical hacking projects.

Wcf rest api introduction

Himanshu Desai

Open Cybersecurity Alliance Briefing at RSAC 2020

Carol Geyer

Network Security Data Visualization

amiable_indian

News bytes Oct-2011

Ashwin Patil, GCIH, GCIA, GCFE

Looking Forward… and Beyond - Distinctiveness Through Security Excellence

Ludovic Petit

OWASP Portland - OWASP Top 10 For JavaScript Developers

Lewis Ardern

With the release of the OWASP TOP 10 2017 we saw new issues rise as contenders of most common issues in the web landscape. Much of the OWASP documentation displays issues, and remediation advice/code relating to Java, C++, and C#; however not much relating to JavaScript. JavaScript has drastically changed over the last few years with the release of Angular, React, and Vue, alongside the popular use of NodeJS and its libraries/frameworks. This talk will introduce you to the OWASP Top 10 explaining JavaScript client and server-side vulnerabilities.

JavaOne 2010: Building enterprise web applications with spring 3 Spring is an open source, lightweight Java framework that has become the de facto standard of Java enterprise application development. This session will adopt a learn-by-example approach that combines the philosophy and theory behind Spring with concrete code examples. You'll be walked through building a full-featured Spring 3.0 enterprise Web application end to end. The basics of the Spring framework, design patterns, and best practices will be picked up along the way. Topic to be covered topics include: Dependency Injection, Spring MVC, Spring DAO, Spring ORM, Spring AOP, and Spring Security. This session is intended for developers at any level who are interested in writing Spring or Spring MVC Web applications.

Apache Felix Web Console

Felix Meschberger

ECM and Open Source Software: A Disruptive Force in ECM Solutions

Jeff Potts

Open source software is finally getting the recognition it deserves from analysts like Forrester and Gartner as a disruptive force in IT. Over the years, open source has “climbed up the stack” from operating systems to databases and now to business applications where it has established a firm foothold in the content management space.What should enterprises know about open source content management? Is it really just for Web Content Management (WCM) or does it meet the needs of broader Enterprise Content Management (ECM) deployments? Arelarge enterprises doing big, meaningful content management projects with open source or is its appeal limited to subsets of the market? What about Enterprise 2.0 initiatives? Can you assemble an Enterprise 2.0 solution from open source components? How does it compare with something like Sharepoint?

Open Innovation means Open Source

Bertrand Delacretaz

J2 Ee Vs. .Net Workshop

danglvh

Detecting virtual machine co residency in cloud computing with active traffic...

James A. Savage

Summary description of research project involving a simple technique that can be used to detect virtual machines (VMs) that reside on the same physical host. Detection of co-resident VMs is one possible goal for an attacker conducting reconnaissance. If detected, an attacker could then attempt to gain access to VM memory andor other VM resources and possibly steal data or inject malware. Since cloud-based services utilize virtual infrastructures the ability to detect co-resident VMs has important implications for security in a virtual machine environment.

DevOps Sydney- Building Better Containers with Habitat

Matt Ray

HTML5 Intoduction for Web Developers

Sascha Corti

Open Cross-Document Linking Service Based on a Plug-in Architecture

Ahmed Tayeh

Enabling an Accessible Web 2.0

bgibson

Story line

Andrei Salanoi

Vijay Mix Presentation

vijayrvr

DataFinder: A Python Application for Scientific Data Management

Andreas Schreiber

Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...

Weaveworks

Cloud-native applications are increasingly spanning across hybrid and multi-cloud environments such as on-premise data centers, in the cloud (Amazon EKS, Azure AKS, Google Cloud GKE) and at the edge. Customers need to ensure security and resiliency for their cloud-native applications while managing releases through reliable, consistent deployment and runtime policies. In this session, we’ve partnered with Tetrate to showcase how to effectively manage advanced deployments using Weave GitOps. Managing application configurations by different teams across multiple Kubernetes clusters is made possible with Weave GitOps and Tetrate Service Bridge. Using familiar Git workflows, Weave Policy-as-Code enables application engineers to quickly deliver new features safely. Join us as we demonstrate the scenarios where: - All changes to application configuration are managed through Git workflows. - GitOps provides an extra layer of security by removing the need for direct access to Kubernetes clusters. - Policy-as-Code guarantees security, resilience and coding standards compliance. - Tetrate Service Bridge provides dynamic configuration of application workloads and failover across multiple Kubernetes clusters.

API Design: Women Who Code (WWCode) DFW

Axway

Axway's Emmelyn Wang was the featured speaker at the Women Who Code Dallas/Ft. Worth Meetup at the stunning Alkami Technology Headquarters in Plano, TX. The most important thing about API Design is for API developers (and product managers, additional stakeholders) to have empathy for API consumers to create the best Developer Experience possible which is technically critical and key to adoption as a business driver. This approach means that the API specification, the contract between the API provider and API consumer, serves as the core of the design and experience.

Software Composition Analysis in PHP

Piotr Horzycki

Web applications are made of more and more external packages and libraries. It's easy to pull "free stuff" from the Web, but is it as easy to maintain a big project composed from random dependencies? Based on my experience with enterprise-grade payment systems I will tell you how we ensure the security of our applications, how we pick the best libraries and how we avoid being sued for copyright infringement. You will learn software development driven by a reliable analysis and not just hype, Stack Overflow and GitHub stars.

Creating hypermedia APIs in a few minutes using the API Platform framework

Les-Tilleuls.coop

**Download the PPT to see screencasts** API Platform is new open source PHP framework dedicated to the creation of modern web APIs. It allows to bootstrap a fully featured API (pagination, validation, filtering, sorting, automatically generated documentation, HTTP cache, OAuth and JWT auth...) in just a few minutes. It exposes out of the box popular API formats including Swagger, JSON-LD, Hydra, HAL, JSONAPI and Schema.org. It is extensible and can be specialized with ease. Because it is built on top of the industry-leading Symfony framework, it already counts hundreds of available extensions (bundles). In this talk, I'll show how to create a hypermedia API in just a few lines of codes, then take a look to the main features of the framework.

FASTEN presentation at FOSDEM 2022 : Making Dependency Management Intelligent

Fasten Project

FASTEN presentation at OW2con'22

Fasten Project

Similar to Demonstration of FASTEN Dependency Management tools on top of Maven, FASTEN virtual workshop, April 8, 2021

Microsoft Build 2023 Updates – Copilot Stack and Azure OpenAI Service (Machin...

Naoki (Neo) SATO

Web 2.0 using Microsoft Technologies

Abhishek Kant

SynapseIndia dotnet framework library

Synapseindiappsdevelopment

Building enterprise web applications with spring 3

Abdelmonaim Remani

Apache Felix Web Console

Felix Meschberger

ECM and Open Source Software: A Disruptive Force in ECM Solutions

Jeff Potts

Open Innovation means Open Source

Bertrand Delacretaz

J2 Ee Vs. .Net Workshop

danglvh

Detecting virtual machine co residency in cloud computing with active traffic...

James A. Savage

DevOps Sydney- Building Better Containers with Habitat

Matt Ray

HTML5 Intoduction for Web Developers

Sascha Corti

Open Cross-Document Linking Service Based on a Plug-in Architecture

Ahmed Tayeh

Enabling an Accessible Web 2.0

bgibson

Story line

Andrei Salanoi

Vijay Mix Presentation

vijayrvr

DataFinder: A Python Application for Scientific Data Management

Andreas Schreiber

Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...

Weaveworks

API Design: Women Who Code (WWCode) DFW

Axway

Software Composition Analysis in PHP

Piotr Horzycki

Creating hypermedia APIs in a few minutes using the API Platform framework

Les-Tilleuls.coop

Similar to Demonstration of FASTEN Dependency Management tools on top of Maven, FASTEN virtual workshop, April 8, 2021 (20)

Microsoft Build 2023 Updates – Copilot Stack and Azure OpenAI Service (Machin...

Web 2.0 using Microsoft Technologies

SynapseIndia dotnet framework library

Building enterprise web applications with spring 3

Apache Felix Web Console

ECM and Open Source Software: A Disruptive Force in ECM Solutions

Open Innovation means Open Source

J2 Ee Vs. .Net Workshop

Detecting virtual machine co residency in cloud computing with active traffic...

DevOps Sydney- Building Better Containers with Habitat

HTML5 Intoduction for Web Developers

Open Cross-Document Linking Service Based on a Plug-in Architecture

Enabling an Accessible Web 2.0

Story line

Vijay Mix Presentation

DataFinder: A Python Application for Scientific Data Management

Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...

API Design: Women Who Code (WWCode) DFW

Software Composition Analysis in PHP

Creating hypermedia APIs in a few minutes using the API Platform framework

More from Fasten Project

FASTEN presentation at FOSDEM 2022 : Making Dependency Management Intelligent

Fasten Project

FASTEN presentation at OW2con'22

Fasten Project

FASTEN presentation at OW2con 2021

Fasten Project

FASTEN Introduction, at EclipseCon 2021

Fasten Project

Software dependencies can be viewed as graph that only get bigger as software evolved. This lead to multiple challenging situations related to security, quality, licensing and more. Today tools are great but more accurate tools such as FASTEN are under development. Join me to learn how the current dependency management tool are evolving to cope with the growing complexity of software development. Discover the presentation by Antoine Mottier, OW2 CTO.

FASTEN presentation at OSS2021, by Michele Scarlato, Endocode, May 12, 2021, ...

Fasten Project

The FASTEN project wants to support DevOps teams and help developers tracking, managing and mastering dependencies. FASTEN’s goal is to develop a toolchain that is provisioning and collecting project information, security alerts, and repositories from well-known and widely used services. It merges this information into a data stream, performs analysis, stores it, and, consequently, builds a call-graph for each analyzed project. The gathered information is made available through a REST API and Web UI and performs continuous integration to provide developers with updated and sanitized versions of their dependencies. One part of this toolchain will be an Open Source license analysis. This analysis should perform a verification and compatibility check on licenses used in Open Source projects and facilitate development from a user perspective as well as create industry-relevant information on license infringements. This functionality shall be presented in this talk. FASTEN has received funding from the European Union's Horizon 2020 research and innovation programme. It is carried out by a Consortium composed of AUEB, TUDelft, University of Milan-Bicocca, Endocode, OW2, SIG, and XWIKI.

FASTEN user experience from a software vendor perspective : The future of ext...

Fasten Project

Eclipse sw360 Web Application for managing software Bill-Of-Material, FASTEN ...

Fasten Project

The Eclipse SW360 project provides a server application for the management of used software components in an organization. The catalogue can then be used to create Software Bill-of-Materials (SBOM) for products and projects. SBOM management is essential for a number of important aspects when delivering products: for understanding if vulnerabilities are relevant, for reviewing the licensing situation, for covering trade compliance and last but not least for the generation of compliance documentation. SW360 itself focusses only on SBOM management and the support of the approval processes, it does not scan for licenses nor for dependencies. For these tasks, integration with other OSS tools, for example, FOSSology for license scanning is provided. To automate the SBOM management, SW360 provides a REST API which allows CI infrastructure to call SW360 directly for checks, downloads or uploads. SW360 is a project hosted by the Eclipse Foundation licensed under the EPL-2.0; thus it is available for everyone as Open Source software.

Highlight on FASTEN's Software Composition Analysis Market Background, Virtua...

Fasten Project

Software Ecosystems as Networks - Advances on the FASTEN project, Paolo Boldi...

Fasten Project

FASTEN was presented in the Devroom on Dependency Management at FOSDEM 2021. Presentation Abstract: The goal of the EU project FASTEN is being able to perform a more sophisticated analysis of security-vulnerability propagation, licensing compliance, and dependency risk profiles (among others) by relying on the call-level dependency network of the whole software ecosystem. We outline the purpose and structure of the project, and present some preliminary results.

FASTEN presentation at SFScon, November 2020

Fasten Project

This presentation was given by Paolo Boldi, Milano University, online. Abstract:The goal of the EU project FASTEN is being able to perform a more sophisticated analysis of security-vulnerability propagation, licensing compliance, and dependency risk profiles (among others) by relying on the call-level dependency network of the whole software ecosystem. We outline the purpose and structure of the project, and present some preliminary results.

FASTEN: Scaling static analyses to ecosystem, presented at FOSDEM 2020 in Bru...

Fasten Project

FOSDEM 2020 Presentation - There's no sustainability problem in FOSS, Except ...

Fasten Project

FOSDEM 2020 Presentation: Comparing dependency management issues across packa...

Fasten Project

FOSDEM 2020 Presentation : Precise, cross-project code navigation at GitHub s...

Fasten Project

Presentation of the FASTEN project, Conference SFScon, Bolzano, Italy

Fasten Project

FASTEN H2020 project presentation at Paris Open Source Summit, December 2019.

Fasten Project

Fasten and Quartermaster presentation at FOSSCOMM, October 2019 in Lamia, Gre...

Fasten Project

Software engineers reuse code to reduce development and maintenance costs but how safe is it to use open source software (OSS)? By using OSS and dependencies to external libraries they can introduce to projects significant operational and compliance risk as well as difficult to assess security implications. The aim of the FASTEN project (a European Union’s H2020 research and innovation programme led by TU Delft) is to address this situation, by developing an intelligent software package management system that will enhance robustness and security in software ecosystems. Our team in Endocode AG is part of the FASTEN project with our FOSS toolchain Quartermaster, which detects license compliance on softwares.

Fasten Industry Meeting with GitHub about Dependancy Management

Fasten Project

More from Fasten Project (18)