Without the Fluff: SCA in the Real World

Presented by

Susan St. Clair, Technical Services Engineer at Checkmarx

About this talk

You already know half the story: your developers are using open source, and software composition analysis (SCA) finds and fixes the associated vulnerabilities. Lack of visibility and remediation puts your software and your data at risk. But to know the full story, you need to be able to visualize the experience of incorporating an SCA solution into your AppSec program. How does one secure software without complicating development workflows and causing implementation headaches? This is the difficult part of the story: cutting through the fluff to get real and honest insight. See what it's like to:

• Generate an accurate inventory of the open source libraries being used by your development teams
• Automate analysis and inject security risk insight directly into your secure SDLC or CI/CD pipelines
• Clearly understand vulnerabilities in direct and transitive dependencies
• Reduce the noise (false positives) in SCA results and prioritize remediation of actual risks
• Perform SAST (static analysis) and SCA scans from your build pipeline and/or source code repo

Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.