Name: 5 Steps to Integrate SAST into the DevSecOps Pipeline
Start: 2023-06-08T09:00:00Z
End: 2023-06-08T09:01:00.000Z
Location: BrightTALK
Rating: 5

Black Duck is now defining the next frontier of application security. With the avalanche of AI-generated code plus expanding regulatory pressure, you need solutions that can scale, adapt, and keep pace with the demands of your business.

Black Duck meets the demands of modern software development with True Scale Application Security. In the cloud or on-prem, 100,000 lines of code or 100 million. For safety-critical systems with stringent compliance requirements or modern web apps deploying 100 times per day. Our flexible, scalable, high-precision solutions enable you to code with confidence.

AI coding assistants and open source AI models are revolutionizing productivity and innovation. But these new resources introduce a systemic challenge that impacts the entire pipeline. How do we embrace innovation without introducing invisible risk at astonishing scale? Does AI-enabled development threaten the value of the assets that drive your business? This session shows the results of a new study on this shared reality. It shows a way to get security and compliance done that doesn’t stop development teams.
We’ll address the main worries of technology executives and effective approaches to handling risks caused by AI. It's time to align development and security teams. You may ask how? Through integrated tools that make secure coding a natural part of daily workflows.
What’s in it for you?
• Gain exclusive insights from new research on AI adoption and its security implications
• Learn practical strategies to manage AI-generated risks in development pipelines
• Discover how to align Security and Development for frictionless, secure innovation

Secure or Sorry? What AppSec Leaders Must Know About AI Adoption

Open source software powers modern development—but it also introduces risks. From direct and transitive dependencies to container images, these risks can enter your applications in many ways, often without full visibility. 

Join this webinar to learn

• The common entry points for open source in your applications
• The risks of unmanaged open source, including vulnerabilities and license issues
• Best practices for securing and governing open source usage
• Tools and strategies for maintaining compliance and visibility

Whether you're a developer, security professional, or compliance lead, this session will help you build safer, more resilient software.

The Open Source Wildcard: Don't Roll the Dice on Risk

The tech M&A landscape is rapidly evolving with the pervasive integration of AI into target company applications. As machine learning, Generative AI, and other intelligent technologies become central to innovation, traditional software due diligence is no longer enough. This session addresses the critical new dimensions of risk and opportunity that AI introduces to acquisitions.

Join us for a practical framework designed to equip M&A principals and legal counsel with the tools to thoroughly assess AI-driven targets. We’ll dive into the essential areas you must explore, from evaluating model provenance and performance to navigating complex data governance and ethical considerations.

Key takeaways will include how-to effectively assess:

• AI Footprint: Understanding the strategic implementation and problem-solving capabilities of AI.
• Security Risks: Comprehensive data protection, access control, and penetration testing for AI systems.
• Legal & IP Risks: Clarifying model and training data ownership, alongside API terms.
• Quality & Reliability Risks: Ensuring performance, effective retraining, and model explainability.
• Regulatory & Compliance Risks: Navigating emerging regulations like the EU AI Act and critical data privacy concerns.

M&A's New Frontier: Assessing AI Software Risk in Your Next Deal

AI-enabled development tools and coding assistants are pushing CI pipelines, fueling innovation, and iterating business-critical software faster than ever before. Security teams are now forced to catch up. The burden to remedy AI tools often weak coding practices and to overcome their ignorance to third-party vulnerabilities and licenses is further complicated by developers' implicit trust in their output and an intrinsic incompatibility between AppSec and Dev teams' primary role: to ship functional code quickly.  

Enterprises can no longer treat development and AppSec workflows as separate entities. To unify them, however, requires fast, reliable, automated ways to evaluate every line of code that flows through the pipeline and to provide immediate access to fix methods. This only manifests with integrated security gates across CI/CD pipelines, aligned to risk-tolerance standards and optimized to maintain the speed benefits of AI-enabled development.  

Join us as we analyze DevSecOps in the age of AI and structure a viable strategy that accounts for:  

- Software security and license compliance issues introduced, at speed, by AI coding assistants  
- The dissonance between the adoption of AI-enabled dev tools and AppSec's preparedness to secure their output  
- Business priorities that span development, security, legal, and executive requirements

AI's IOU: Maximizing value from AI without paying for it later

With software development accelerating in the AI era, there are even more sources of vulnerabilities to track. Managing this is an enormously complex task, as organizations are already struggling to unify data across disparate tools for testing, SCM, and reporting. As more organizations adopt AI-assisted development, existing issues with fragmented risk visibility will only get bigger. 
 
In this webinar, you will learn about capabilities for achieving a high-fidelity, organizational view of risk posture to better streamline auditing, visualize AppSec gaps, and identify your most vulnerable software. We will talk about necessary capabilities for aggregating key sources of data, standardizing risk scoring, and how you can set up the right technical foundations for success.

Contextualizing Risk in the Age of AI Development

AppSec teams are being stretched to the limit trying to keep up with the pace, volume and complexity of modern application development. Current trends in software development – the transformative role AI, the increasingly complex and vulnerable software supply chain, and the mounting requirement to both scale and focus security issue remediation – help shed light on what measures organizations need to put in place to stay ahead.     

In this session we will outline these trends and provide data and insights from our research into them. We will also outline practical steps you can take now to position yourselves to manage the evolving requirements of Application Security.

The State of AppSec & Beyond

Join two of our cybersecurity experts for a lightning round that cuts through the hype and addresses the immediate challenges of AI in software development. We'll explore the paradigm shift that is reshaping creativity and problem-solving in development, the new frontier of AI-influenced software risk, and discuss ways in which AI coding assistants and open source AI models form the next evolution of the software supply chain crisis.
 
This session charts a course from high-level business concerns directly to the developer experience, examining:
- The business and contractual liabilities that arise when AI-generated code enters your products.
- New, instinct-driven "vibe programming" and the debate over whether this emerging methodology is a sustainable path to innovation or a source of unpredictable risk.
- How AI coding assistance alters hiring strategies and the critical role of code review by security-capable developers in an AI-driven workflow.
- Emerging attack vectors tied to the growing use of open-source AI models.
- Viable paths forward to harness the power of AI, manage its inherent risks, and minimize organizational disruption by establishing resilient and scalable safety nets within your pipeline.

AI-Assisted Disruption: How Change Impacts Dev and Sec as Organizations Pivot to AI

Application security hasn’t gotten any simpler—especially as AI accelerates the way software is built. More code, more complexity, and more fragmented tooling make it harder to answer a basic question: Where are we exposed?  

This session explores how teams can regain clarity at the first step of any risk management program. That means identifying what’s running, what’s been tested, and what needs attention. We’ll look at how automation, speed, and policy can work together to improve visibility without slowing delivery.  

As part of Black Duck’s broader approach to application risk management, we’ll also show how solutions like Black Duck Polaris™ Platform scales with the way modern teams build software.

Identifying Risk in the Age of AI-Assisted Development

Security is the result of implementing the tools, personnel, and insight necessary to make informed decisions to mitigate risks within the software you create and the assets you consume through the software supply chain. While this process can be elaborate, rapid releases and CI/CD methodologies require that AppSec move at the speed of DevOps.

Achieving this is only possible with integrated controls and mechanisms to detect, prioritize, and address security issues at every stage in the SDLC and CI/CD pipelines. But how do you get there?

Join us as we recommend ways to establish security within DevOps without sacrificing efficiency. We’ll discuss:
- Pitfalls that can derail an organization’s AppSec initiative
- Strategies for overcoming obstacles to efficient, effective DevSecOps
- Recommendations for realizing integrated DevSecOps at scale

Integrating AppSec for Efficient DevSecOps

AI technologies are compelling teams to accelerate software development and to explore innovations previously regarded as unattainable. While 67% of organizations use AI coding assistants at least weekly to realize these goals, 57% feel that using AI coding assistants has introduced new security risks or has made it harder to detect issues in their codebase. AppSec teams are scrambling to keep pace.  

Join us for an in-depth exploration of today's DevSecOps landscape based on our yearly Global State of DevSecOps report and findings from independent research institute, SANS. We'll examine the delicate balance between AI-assisted development and modern DevSecOps strategies, focusing on: 
* The impact of AI coding assistants on development pipelines and security workflows 
* How AI-ready organizations maximize AppSec coverage and agility 
* The evolution of traditional application security testing (AST) to AI-enabled AST 
* Prerequisites for a scalable, robust DevSecOps program purpose-built for AI-enabled development

From Code to Security: The DevSecOps Frontier

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 81% of codebases contained a high-/critical risk vulnerability.
 
Join this webinar as we explore the findings from the 2025 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2025 Guide to Open Source Security and Risk

Evaluating a target’s software development process, software architecture, and code quality are becoming a must do in M&A software due diligence. Acquiring poorly designed software or buggy code could derail your post-close plans. 

Join this webinar to learn how to sidestep the tech debt trap. We’ll cover: 

      - The dimensions of software quality 
     - Norms for typical tech M&A targets 
     - How to uncover and mitigate tech debt and post-close “gotchas” 
     - Software due diligence best practices around software quality

Avoid Buggy Deals: Evaluating Software Quality in M&A Due Diligence

There are three regulations that every software development team should be aware of: NIST Secure Software Development Framework (SSDF), the EU Cyber Resilience Act (CRA), and the FDA Cybersecurity Requirements for Medical Devices. What’s your regulation IQ? 

Join this webinar to learn how to navigate these regulations to secure your software supply chain. We’ll cover:  

- Key requirements, commonalities, and differences across the three regulations  
- The importance of an SBOM in dependency tracking and risk management 
- Best practices for complying with these cybersecurity standards  

Register now.

How to Navigate NIST, CRA, and FDA Regulations

Software is essential in everyday products like cars, medical devices, airplanes, and IoT devices. Bugs and security flaws can have serious impacts on safety, the environment, and your reputation. As AI speeds up software development, it's more important than ever to keep your policies, coding standards, and testing up to date.

In this webinar, we’ll discuss:
- Trends that offer innovation but also increase the risk of costly errors
- Updates to functional safety standards that improve software reliability
- How to reduce supply chain risks by getting a full view of your software
- Strengthening software with thorough testing techniques

Register now to learn practical tips for creating secure, reliable functional safety software in 2025 and beyond.

Building Safe and Reliable Software in 2025

Developers have utilized source code management (SCM) tools since the 1980s to track, control, and manage changes across the software development life cycle. But the use of SCM tools is even more widespread now due to the emergence of distributed version control systems such as Git.

For DevSecOps though, it is essential to seamlessly integrate application security testing (AST) into the SCM environment, without compromising on fidelity and scalability. This gives organizations complete control over AST in their CI/CD pipelines.

What you'll learn:
- Onboard new projects easily from GitHub
- Get a centralized view of all your projects
- Orchestrate AST within GitHub actions & workflows
- Monitor all of your GitHub organizations continuously

Getting high fidelity AppSec results within your SCM environment

The Bridge CLI, Coverity CLI, and cov-build offer different ways to run your Coverity Static Analysis.  Join us as we explore how these tools complement each other and help you discover the right one for your CI/CD pipelines, pull request workflows, and ad-hoc scans. This session will include a live demonstration followed by a brief Q&A.  This webinar is targeted for developers, DevOps, or anyone responsible for configuring Coverity Analysis.

The CI/CD Plugin Playbook: How Bridge CLI, Coverity CLI, and cov-build Fit Together

Any tech acquisition target worth its salt is not only using generative AI tools to write code, but also incorporating AI technology into its products. As AI transforms these companies’ applications, and how they develop them, potential investors and acquirers face a new set of risks and questions. 

Join our panel of tech lawyer/AI experts for sage advice on how-to up your software due diligence game. Whether you’re an acquirer, an investor, or expect to be on the sell-side one of these days, learn about:

• The evolving state of risks associated with non-human written code
• Important considerations for integrators of AI models, evaluating the chain of custody and legal hygiene of datasets
• How due diligence is evolving to help investors and acquirers assess and plan for risks
• Market reps and warranties to complement derisking through due diligence 

Register today.

Intelligent Software Due Diligence in the Age of Artificial Intelligence

Join us for an exclusive insider session! We’ll explore the latest trends and challenges in embedded software development. “The State of Embedded Software Quality and Safety” report uncovers key issues in the industry. It highlights the fast rise of AI, potential new risks to software quality, and a shift in what’s driving Software Bill of Materials (SBOMs) requirements.

Here's what you can expect to learn
• How “shadow AI” introduces new risks to governance, security, and IP
• The evolving skillset required for modern embedded developers
• The rising demand for SBOMs as a commercial requirement
• Strategies for balancing speed and quality in software development
• How leading organizations are managing the risks associated with AI and open source software

Get key insights into embedded software development. You'll learn to handle quality, safety, and security in an AI-driven world.

The Rise of AI and New Risks to Embedded Software Development

APIs have become central to the daily operations of most businesses. Their rapid proliferation has exposed significant vulnerabilities that need immediate attention. This presentation provides an in-depth assessment of the current state of API security. We discuss the growth of API-related incidents and provide a framework for improving API security within organizations.

Join this webinar to learn about
• API security challenges due to the increase in API usage, and the resulting vulnerabilities
• Proactive security integrations for incorporating security measures throughout the entire API development life cycle
• A framework for enhancing API security to protect against emerging threats

Elevating API Security: A Structured Approach

This year’s DevSecOps report defines a vivid image of organizations’ journey to secure their software development pipelines. It provides intriguing conclusions about operational challenges, AppSec efficiency, and evolving risk exposure amid the rise of AI-assisted development. Did you know that although 85% of respondents have some measures in place to address the challenges posed by AI-generated code, only 24% are “very confident” in their policies and processes for testing such code? 

Join us as we examine the key findings from the Black Duck 2024 DevSecOps report and discuss

• The state of DevSecOps across roles and technologies in light of AI-assisted development
• What a maturing DevSecOps program looks like, and which tools and practices foster growth
• How to integrate application security without impeding DevOps

DevSecOps in the Wild: Examining Global Security Factors in 2024

In January, the EU published the final version of the Cyber Resilience Act (CRA). While this won't come into force until late 2026, there are still actions you can take.  

The good news is most of what's required is already part of a mature modern AppSec programme.  

In this session we’ll cover some of what DevSecOps and product security teams should be planning for to address CRA, with lessons drawn from efforts present in highly regulated spaces in other jurisdictions.

What the CRA means to DevSecOps Teams

Organizations continue moving their business applications and services to the cloud. With this shift, you need solutions that can keep up with your development, deployment, and testing needs without breaking the bank. Moving to cloud-based application security testing (AST) solutions has often meant having to choose between breadth, ease-of-use, and scalability. That changes now.

Polaris® Software Integrity Platform provides all the benefits of a cloud-based solution without having to make compromises on the breadth, depth, or scale of their testing. In this webinar, we’ll give you a tour of the future of AppSec and discuss how you can

- Embed continuous security in your development, QA, and DevOps workflows
- Manage security testing across teams, applications, and scan types 
- Gain a comprehensive view into your portfolio and project AppSec risks

It’s Time for AppSec to Evolve

This year’s DevSecOps Report defines a vivid image of organizations’ journey to secure their software development pipelines, with intriguing conclusions about challenges, success factors, and risk exposure across industries and maturities. Integrating security controls across the development lifecycle and CI pipelines establishes mechanisms for rapid risk detection, accelerated remediation, and automated security gates. But aligning development, AppSec, and DevOps teams to realize a vision for secure DevOps requires a clear strategy. 

Join us as we examine the key findings from the Synopsys 2023 DevSecOps Survey and discuss: 

• The state of DevSecOps across roles and technologies
• What a maturing DevSecOps program looks like and which tools and practices foster growth
• Recommendations for how to integrate application security without impeding DevOps

Register today.

DevSecOps in the Wild: Examining Global Security Factors in 2023

Security issues in DevOps often arise due to conflicting aims between developers and security professionals, with developers aiming for rapid product pipeline completion and security teams focusing on preventing vulnerabilities. 
  
How do we achieve this in the real world? How can organizations remove complexity, reduce costs, and improve scalability without compromising security? 
  
Polaris offers a full suite of AppSec solutions from SAST, SCA to DAST. In this webinar, explore our latest addition Polaris fAST Dynamic, tailored for modern web applications. 
  
We will also showcase Polaris Assist, an AI-powered application security assistant on the Polaris platform. Polaris Assist combines decades of real-world insights with a powerful large language model (LLM) that gives security and development teams easy-to-understand summaries of detected vulnerabilities and code fix recommendations to help them build secure software faster. 
  
Join us and learn what the next generation of easy, fast, and automated application security can do to seamlessly integrate with any environment your teams are working in.

The Future of Automation AppSec with Polaris Assist powered by AI

Securing software takes teamwork—a unified approach from development through testing and into production. But each team has a distinct set of requirements and workflows that need to align to realize a concerted push for security. And while developers influence risk posture, they are often not trained in or focused on software security practices.

How can you make the effort that developers and DevOps teams are already putting in more valuable to the business? What's the best way to cultivate highly security-conscious developers so your software becomes more secure over time? Is there a way to derive tangible benefits for the business, the team, and the individual?

Join us as we break down a five-step process with real-world applicability. Topics include

• The critical distinction between developers' security awareness and their security capability
• Mechanisms to automate risk detection and accelerate remediation across the pipeline, including at the developer desktop
• How to establish security gates in DevOps pipelines in a way that doesn't derail development or lead to missed shipping deadlines
• How to create a DevSecOps initiative that can evolve with the business and enable developers to sustain security requirements as part of their day-to-day
• Ways to maximize security's value to the business and its customers

AppSec Automation: Five Steps to Achieving Developer-First Security

Dynamic application security testing (DAST) is a central component for many organizations’ AppSec programs. But legacy DAST tools can be too slow and difficult to use in fast-paced development environments. Our new fAST Dynamic technology enables DevOps teams to scan their applications quickly and accurately, eliminating the need for time-consuming configuration and triage efforts. 

Join us to see how fAST Dynamic

- Allows users without extensive technical knowledge easily initiate scans 
- Navigates and analyzes web apps without requiring specialized expertise
- Prioritizes quality or quantity of findings  

fAST Dynamic provides a self-serve, straightforward, and efficient dynamic testing solution for organizations aiming to secure their web applications without slowing their development pace.

Dynamic Analysis for Modern Day DevOps

Security at Every Stage: Integrating AppSec for Efficient DevSecOps

Securing today's applications requires a new approach.

You need to deliver new applications and API’s, fast. Unfortunately, this “need for speed” can lead to vulnerabilities in software code. Once discovered in production, so begins the process by which SecOps and DevOps work to fix the vulnerabilities in runtime applications.  Unfortunately, SecOps and DevOps teams have historically operated independently, establishing their own processes, tools and KPI’s which can create roadblocks.

For an organization to truly develop and deploy secure applications, they need to move beyond traditional methodologies and adopt a new approach – one that bridges the gap between security operations and development.

Join us as we discuss how the Modern AppSec Framework delivers a functional plan your organizations can use to develop and deliver secure applications, regardless of where you are in your security or application development journey.

Register now to learn how the Modern AppSec Framework can take your application security program to the next level.

A Modern Approach to Application Security

The economic downturn is impacting organizations, and application security is not exempt from budget pressures. You may need to make some difficult choices on application security spending that doesn’t add risk to the business. Do you have a plan in place today?
 
Join us for this Synopsys webinar to get insight into the latest application security risks and where budget trade-offs can be made. We’ll cover:
 
• Trends in AppSec in challenging times
• Factors when considering cloud vs on-prem solutions
• Trade-offs between platform and best-of-breed AppSec approaches

Transforming DevSecOps in Turbulent Times

To build security into DevOps and achieve true DevSecOps, organizations need to manage AppSec workflows without hindering speed and flexibility. But how do you get there?

Join this live Synopsys webinar to learn how to inject security into DevOps without sacrificing efficiency. We’ll cover how to:

• Secure code as fast as it’s written
• Run the right tests at the right time
• Automate security testing to focus on what matters

Achieving DevSecOps: Ways to reduce AppSec noise at scale

Coffee with a Side of DevSecOps

With modern processes, software developers can quickly build and release applications by deploying them to the cloud. But security teams are struggling to keep pace. Shifting security left can help, but it’s easier said than done.

Join this live Synopsys webinar to understand the latest Enterprise Strategy Research Group (ESG) research on shifting security left to create scalable, developer-centric supply chain security solutions. We’ll cover: 

• Current conditions for incorporating security into developer workflows
• The challenges faced with faster cloud-native development lifecycles 
• Strategies and solutions for securing software without sacrificing speed

Top Challenges With Shifting Security to Development

You’ve automated security tooling in development pipelines and your organization has moved to agile practices, but you are still not experiencing the DevSecOps promise land you were told about.

The three pillars of DevSecOps are people, process, and technology. Have you invested enough into your people? Without a bridge between the security and the development teams, all your hard work can get stuck in mud. 

A Security Champions program can help enable your teams reduce process friction and ensure successful adoption of security within developers’ daily work. This talk will address 

• Common challenges organizations experience
• Ways a Security Champions program can help
• Getting started with building your Security Champions program

Enable your DevSecOps Initiative with Security Champions

DevSecOps is a trending practice in application security that involves introducing security earlier in the software development life cycle. It expands the collaboration between development and operations teams to integrate security teams in the software delivery cycle. 

DevSecOps needs to be risk-based like your application risk indicator. It needs to be able to optimize security testing based on your policies. It should be efficient so not every code change requires a full security analysis. 

In this talk, you will learn
• Actionable insights into what DevSecOps is
• What DevSecOps is not
• How DevSecOps works from build to production

DevSecOps Explained

Digital transformation initiatives are forcing development teams to make tough decisions. They have to make tradeoffs between feature velocity and managing application security risk. Developers may lack the knowledge to address the risks they’re aware of, and adding security tools often adds friction to their workflows. A new approach is needed to meet the demands of modern application development.

Join us for this webcast with Enterprise Strategy Group (ESG) to learn about:

- How DevOps and automation are changing application security landscape
- What challenges teams face when automating their AST tools
- How a new approach to DevSecOps can address these challenges
- What your team can do to make your DevSecOps initiative successful

Cracking the Code of DevSecOps

DevOps is terrific for delivering new innovative applications to the market. But the newer trend of “shift left, shift right, shift everywhere” has increased the pressure on developers and DevOps engineers to add application security (AppSec) testing and tooling management in CI/CD pipelines to their already long list of responsibilities.

With “shift everywhere,” existing DevSecOps implementations have to evolve to manage AppSec risk without impeding the agility and frequency of software delivery. The good news is, it can be done.

In this webinar, you will learn about:

- How “shift everywhere” is impacting DevSecOps
- What are its implementation challenges?
- How to build and execute a comprehensive AppSec program to address these challenges
- Recent DevSecOps success stories

Where Will DevSecOps 'Shift' Next?

Building Security into DevOps

Even software with a solid architecture and design can harbor vulnerabilities, whether due to mistakes or shortcuts. But limited security staff don’t have the resources to perform code reviews and provide remediation guidance on the entire application portfolio. Static analysis, also known as static application security testing (SAST), is an automated way to find bugs, back doors, and other code-based vulnerabilities so the team can mitigate those risks.

First, though, you must choose a static analysis model that fits your needs. You might have questions such as these:
- How do I manage false positives?
- How do I triage the results?
- What happens to new issues identified?
- My scan takes hours to complete. How can I use this tool in my DevSecOps pipeline?
- What is a “baseline scan”?

Join us as we walk you through the challenges and benefits of integrating a SAST tool into your DevSecOps pipeline and how we’ve helped other organizations with this process.

5 Steps to Integrate SAST into the DevSecOps Pipeline

DevSecOps

SAST

static analysis

Architecture

Application Development

Application Security

Application Monitoring

Security Testing

DevOps

IT Security

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

5 Steps to Integrate SAST into the DevSecOps Pipeline

Presented by

About this talk

Black Duck