Maximizing the Impact of Static Analysis

Presented by

Meera Rao, Senior Director – Product Management (DevOps Solutions)

About this talk

Static analysis, also known as white box testing, static application security testing (SAST), or secure code review, finds bugs in application code, back doors, and other code-based vulnerabilities so you can mitigate those risks. But no static analysis tool can effectively address threats to a development environment out of the box. And many users have the misconception that the cost of tool adoption depends primarily on getting the tool working in a build environment.

Static analysis is the only way to enable developers to automatically identify vulnerabilities as they write code in their integrated development environment (IDE). With SAST, developers can:

• Run scans in their IDE by using plugins that provide just-in-time security guidance.
• Review source code before checking it into a version control repository.
• Remediate identified vulnerabilities.
• Adopt a preventative mindset.

Automation is an important part of adopting a SAST tool, as it drives efficiency, consistency, and early detection, enabling organizations to shift left. For a static analysis implementation to be effective, several distinct activities must come together to establish and maximize its impact. This webinar covers some challenges of SAST implementation and provides real solutions to get the most value out of SAST tools.

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.