Adding SAST to CI/CD, Without Losing Any Friends


This learning lab will discuss multiple options for adding static application security testing (SAST) to a CI/CD pipeline in ways that won't compromise speed or results, such as learning which results can be safely ignored, writing rules, adding company-specific checks, scanning PRs instead of commits, and separating blocking scans from deep audit scans. The lab will also cover ways to continuously find vulnerabilities.
Recommended Reading Available in Our Bookstore

Alice and Bob Learn Application Security by Tanya Janca

Clint Gibler


Head of Security Research, Semgrep

Tanya Janca


Head of Community and Education, Semgrep
