software-supply-chain-security-java

This repo contains articles, videos, and resources on software supply chain security that I came across during my research. Below, you can first see the architecture of the project to be implemented and access the detailed technology stack through the links.

🔗 GitHub Links

Proje Adı	Açıklama	GitHub Linki
Awesome software supply chain security	A compilation of resources in the software supply chain security domain, with emphasis on open source	awesome-software-supply-chain-security
Proje 2	Açıklama 2	GitHub Proje 2
Proje 3	Açıklama 3	GitHub Proje 3
Proje 4	Açıklama 4	GitHub Proje 4

---

🎥 Videos

Başlık	Yükleyen	Yayın Tarihi	İzlenme Sayısı
Securing the Supply Chain for Your Java Applications By Thomas Vitale	Devoxx	06.10.2023	500+
Video 2	Kanal 2	02.01.2023	500+
Video 3	Kanal 3	03.01.2023	2000+
Video 4	Kanal 4	04.01.2023	300+

---

📝 Article

Başlık	Yazar	Yayın Tarihi	Değerlendirme
Supply Chain Security	aqua	None	⭐⭐⭐⭐⭐
How to create SBOMs in Java with Maven and Gradle	snyk	28.11.2022	⭐⭐⭐⭐
SBOM Quick Start	Sonatype	None	⭐⭐⭐⭐
Yazı 4	Yazar 4	04.01.2023	⭐⭐⭐

---

👤 LinkedIn Profiles to Follow

Name	Title	Profile Link
Person 1	Position 1	LinkedIn Profile 1
Person 2	Position 2	LinkedIn Profile 2
Person 3	Position 3	LinkedIn Profile 3
Person 4	Position 4	LinkedIn Profile 4

---

Dependency Track

Installed with docker-compose.yaml

Sonarqube

• docker pull sonarqube:communition
• docker run -d --name sonarqube -p 9000:9000 -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -e SONAR_JAVA_OPTS="-Xmx4g -Xms512m -XX:+HeapDumpOnOutOfMemoryError" sonarqube:community

We can use below command for project SCA

mvn clean package sonar:sonar -Dsonar.projecKey=secure-devOps -Dsonar.host.url=http://localhost:9000 -Dsonar.login=sqa_8d5781d430cef6f2ba2c08e691ef6b01bd0c8f28 -Dsonar.exclusions=**/*.java this login token will be changing because of this sonarqube does not persistent