5 Steps to Integrate SAST into the DevSecOps Pipeline

Presented by

Meera Rao, Senior Principal Consultant

About this talk

Even software with a solid architecture and design can harbor vulnerabilities, whether due to mistakes or shortcuts. But limited security staff don’t have the resources to perform code reviews and provide remediation guidance on the entire application portfolio. Static analysis, also known as static application security testing (SAST), is an automated way to find bugs, back doors, and other code-based vulnerabilities so the team can mitigate those risks. First, though, you must choose a static analysis model that fits your needs. You might have questions such as these:

- How do I manage false positives?
- How do I triage the results?
- What happens to new issues identified?
- My scan takes hours to complete. How can I use this tool in my DevSecOps pipeline?
- What is a “baseline scan”?

Join us as we walk you through the challenges and benefits of integrating a SAST tool into your DevSecOps pipeline and how we’ve helped other organizations with this process.

More from this channel

Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. As of October 1, 2024, the Synopsys Software Integrity Group is now Black Duck®.