Do Your Pipelines Remember? They Must If You Want to Go Fast With Static Analysis

Presented by

Jimmy Rabon (Product Manager at Micro Focus)

About this talk

All static analysis tools produce false positives, and they often require developer context to determine the exploitability of a security risk. Automating a static scan is usually straightforward, but building automation workflows around SAST findings requires that your pipelines become smarter over time. Optimizing the data provided by SAST tools is an often-overlooked aspect of integrating SAST tooling into the CI/CD pipeline, but it is required to be successful. Come learn from Jimmy Rabon, Senior Product Manager at Micro Focus, about best practices for DevSecOps/SAST integration and about how machine learning can help us predict the future based on our past.
Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open-source automated dependency update project. For more information, visit www.mend.io, the Mend blog, and Mend on LinkedIn and Twitter.