Three weeks ago I had the pleasure of being one of the speakers at the OWASP meeting in Toruń. Together with my colleague Marcin Mergo, I gave a talk about managing Open Source dependencies in various kinds of projects.
During the talk we discussed commercial (Black Duck Hub, WhiteSource) and Open Source (FOSSology, OWASP Dependency Check) tools that can help hunt down insecure and out-of-date dependencies and check whether any of them carries a non-compatible license (such as the GPL). We also said a few words about how we use some of these tools at Consdata.
In the second presentation, Paweł Skarżyński from Allegro talked about an automated approach to application security testing. He presented a very interesting tool that he developed for internal use, which provides an easy way to test (and report on) code changes for different kinds of security bugs in order to meet strict product requirements.
Photos from the event, along with the recordings of the presentations, should be available soon on the event's page.