Large-Scale Software Composition Analysis: Uncovering Vulnerable Dependencies in 600 Apps

This 51-minute conference talk by Frank Liauw, Senior Red Team Engineer and AppSec Team Lead, describes how the Government Technology Agency Singapore ran a large-scale Software Composition Analysis (SCA) exercise across hundreds of third-party, vendor-managed applications in just two months. It explains how the team used OWASP Dependency-Check to address the risk of software supply chain attacks and to tackle patch debt from emerging libraries, and shares lessons on process design, automation, monitoring, and vendor interaction. Topics covered include the challenges of outsourced application development, considerations for a centralized vulnerability management tool, the evaluation of SCA tools, successive iterations of the operational architecture, and methods for handling false positives. The talk also covers suppression techniques, scanning of base products, and how to respond when vendors argue that a reported vulnerability is not exploitable.