Application Security Scanning in the Repository: Best Practices

Presented by

Susan St. Clair, Director of Product Management - WhiteSource

About this talk

Historically, if organizations wanted to automate and enforce application security testing, the best place to do that was within CI/CD pipelines. As time went on, we realized that while pipeline scanning has its place in securing applications, it doesn't scale: more and more plugins are needed, and the task of managing them becomes its own headache. In addition, development teams don't typically work in pipelines. They work with code repositories, commits, merges, and pull requests. To get closer to being truly part of a development team's native workflow, application security needed to be in the code repository ecosystem. Learn why scanning applications in the repository is the best way to secure your applications. From enforcing policies, to providing feedback on demand, to preventing context switching, scanning in the repository is the most effective way to secure your applications and reduce your risk.

WhiteSource allows engineering, security and compliance officers to effortlessly secure and manage the use of open source components in their software, allowing developers to focus on building great products. WhiteSource fully automates all open source management processes: component detection; security vulnerability alerts and fixes; license risk and compliance analysis along with policy enforcement; quality review; and new version alerts. It offers a complete suite of control, reporting and management to help software teams manage open source truly effortlessly. For more information about WhiteSource, visit or follow us on Twitter: @whitesourcesoft