How to best handle SAST results in your software development process

Presented by

Mark Hermeling, VP Solutions Engineering

About this talk

Static Application Security Testing (SAST) tools are powerful: they give developers feedback on the quality of the software they are writing. Good SAST tools provide a lot of information with each warning, from a score that helps to understand how dangerous the warning is, to a filename and line number, to a path through the source code that helps with remediation. Managing all this power requires a dedicated approach, especially when introducing a SAST solution into a running development process. Not all warnings are worth fixing: sometimes a tool is too pedantic, or other controls mean a warning does not require a source code change. A static analysis warning is not always directly an error in the way a compiler error or a runtime crash is. This presentation, part of GrammaTech’s SAST Practitioner series, looks into SAST tool output and outlines a convenient way to use it to improve software quality early in the development process, without overloading developers with too much information and while allowing them to focus on the work at hand.
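The triage approach the abstract describes, as an added example in Python (not code from the talk or from any CodeSonar feature): each finding carries a score, location and trace path, and a policy decides what a developer sees for the current change. The findings, baseline, changed lines and suppression reasons are constructed sample data.

```python
# Added example: triage SAST findings so a developer sees only what matters
# for the change at hand. All records below are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    file: str
    line: int
    score: int          # danger score, 0-100 (constructed scale)
    path: tuple = ()    # trace through the source from origin to the flagged line


FINDINGS = [
    Finding("buffer-overrun", "src/parse.c", 42, 85, ("src/parse.c:30", "src/parse.c:42")),
    Finding("unused-value", "src/parse.c", 44, 10),
    Finding("tainted-data", "src/net.c", 120, 70, ("src/net.c:100", "src/net.c:120")),
    Finding("null-deref", "src/util.c", 8, 60),
]
# Warnings that already existed before this change: tracked in the backlog, not shown inline
BASELINE = {("null-deref", "src/util.c", 8)}
# Lines touched by the current change, per file (constructed)
CHANGED = {"src/parse.c": {42, 43, 44}, "src/net.c": {120}}
# Warnings accepted because another control mitigates them (placeholder ticket id)
SUPPRESSED = {("tainted-data", "src/net.c", 120): "input validated at gateway, see TICKET-PLACEHOLDER"}


def triage(findings, baseline, changed, suppressed, min_score=50):
    """Split findings into those to show now (highest score first) and deferred ones with a reason."""
    show, deferred = [], []
    for f in findings:
        key = (f.rule, f.file, f.line)
        if key in suppressed:
            deferred.append((f, "suppressed: " + suppressed[key]))
        elif key in baseline:
            deferred.append((f, "pre-existing, tracked in backlog"))
        elif f.score < min_score:
            deferred.append((f, "below score threshold"))
        elif f.line not in changed.get(f.file, set()):
            deferred.append((f, "outside current change"))
        else:
            show.append(f)
    show.sort(key=lambda f: -f.score)
    return show, deferred


def describe(f):
    """Render one finding with its trace path, the form that helps remediation."""
    trace = " -> ".join(f.path) if f.path else f"{f.file}:{f.line}"
    return f"[{f.score}] {f.rule} at {f.file}:{f.line}  path: {trace}"


if __name__ == "__main__":
    shown, held = triage(FINDINGS, BASELINE, CHANGED, SUPPRESSED)
    for f in shown:
        print(describe(f))
    for f, why in held:
        print("deferred:", f.rule, "-", why)
```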
CodeSecure is a global provider of application security testing solutions including static analysis (SAST) and software composition (SCA) products. Our products, CodeSonar and CodeSentry, help organizations develop and release higher quality and more secure software – free of harmful defects and exploitable weaknesses that cause system failures, enable data breaches, and increase corporate liability.