5 Steps to Integrate SAST into the DevSecOps Pipeline

Logo
Presented by

Meera Rao, Senior Principal Consultant

About this talk

Even software with a solid architecture and design can harbor vulnerabilities, whether due to mistakes or shortcuts. But limited security staff don’t have the resources to perform code reviews and provide remediation guidance on the entire application portfolio. Static analysis, also known as static application security testing (SAST), is an automated way to find bugs, back doors, and other code-based vulnerabilities so the team can mitigate those risks. First, though, you must choose a static analysis model that fits your needs. You might have questions such as these: - How do I manage false positives? - How do I triage the results? - What happens to new issues identified? - My scan takes hours to complete. How can I use this tool in my DevSecOps pipeline? - What is a “baseline scan”? Join us as we walk you through the challenges and benefits of integrating a SAST tool into your DevSecOps pipeline and how we’ve helped other organizations with this process.
Related topics:

More from this channel

Upcoming talks (17)
On-demand talks (165)
Subscribers (56843)
Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.