Adding SAST to CI/CD, Without Losing Any Friends


Posted in Presentations

This learning lab will discuss multiple options for adding static application security testing (SAST) to a CI/CD pipeline in ways that won't compromise speed or results, such as learning which results can be safely ignored, writing rules, adding company-specific checks, scanning PRs instead of commits, and splitting blocking scans from deep audit scans. The lab will also cover ways to continuously find vulnerabilities.
Participants

Clint Gibler, Facilitator
Head of Security Research, Semgrep

Tanya Janca, Facilitator
Head of Community and Education, Semgrep

