How to best handle SAST results in your software development process

Presented by

Mark Hermeling, VP Solutions Engineering

About this talk

Static Application Security Testing (SAST) tools are powerful: they give developers feedback on the quality and security of the code they are writing. Good SAST tools attach a lot of information to each warning, from a score that indicates how dangerous the warning is, to a filename and line number, to the path through the source code that leads to the problem, which helps with remediation. Managing all of this requires a dedicated approach, especially when a SAST solution is introduced into a development process that is already running. Not all warnings are worth fixing: sometimes the tool is too pedantic, or other controls already mitigate the issue so that no source change is required. A static analysis warning is not always an error in the way a compiler error or a runtime crash is. This presentation, part of GrammaTech’s SAST Practitioner series, looks at SAST tool output and outlines a convenient way to use it to improve software quality early in the development process without overloading developers with information, so that they can focus on the work at hand.
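The triage approach the abstract describes (a score per warning, a file and line, a code path, a baseline for warnings that already existed when the tool was introduced, and suppressions for warnings that other controls cover) can be turned into a small build-gate script. The code below is an added example written for this page; it is not GrammaTech’s code and does not use any GrammaTech output format. The finding schema, the 0-100 score scale, the rule names, file paths, snippets and the justification text are all constructed for illustration. One design point worth noting: findings are fingerprinted by rule, file and the flagged source text rather than by line number, so that unrelated edits that shift lines do not re-open a baselined or suppressed warning, and a suppression with an empty justification is rejected so that the warning stays in the "fix now" bucket.

```python
"""Triage SAST warnings into fix-now / baseline / suppressed / low-priority.

Added example for this page, not code from GrammaTech or its tools.
All schemas, rule names, scores and sample findings below are constructed.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str          # checker / rule identifier reported by the tool
    score: int         # assumed 0-100 risk score, higher is more dangerous
    path: str          # file the warning points at
    line: int          # line the warning points at
    snippet: str       # the flagged source line, used for a stable fingerprint
    trace: tuple = ()  # path through the code the tool reported, if any

    def fingerprint(self) -> str:
        """Identity that survives line-number shifts from unrelated edits.

        rule + file + flagged text, so a warning that moves from line 81 to 88
        keeps the same fingerprint, while a changed snippet gets a new one.
        """
        key = f"{self.rule}|{self.path}|{self.snippet.strip()}".encode()
        return hashlib.sha256(key).hexdigest()[:16]


def triage(findings, baseline, suppressions, min_score=60):
    """Bucket findings for a CI gate.

    baseline:     set of fingerprints recorded when the tool was introduced;
                  these are real but deferred so the team is not flooded.
    suppressions: {fingerprint: justification}; a suppression is only honoured
                  when the justification is non-empty (an auditable reason
                  such as a compensating control).
    min_score:    warnings below this score are reported but do not block.
    """
    out = {"fix_now": [], "deferred_baseline": [], "suppressed": [], "low_priority": []}
    # Highest score first so the blocking list is ordered by risk.
    for f in sorted(findings, key=lambda x: (-x.score, x.path, x.line)):
        fp = f.fingerprint()
        if fp in suppressions and suppressions[fp].strip():
            out["suppressed"].append(f)
        elif f.score < min_score:
            out["low_priority"].append(f)
        elif fp in baseline:
            out["deferred_baseline"].append(f)
        else:
            out["fix_now"].append(f)
    return out


def build_should_fail(result) -> bool:
    """The gate: only new, high-score, unjustified warnings break the build."""
    return len(result["fix_now"]) > 0


# ---- constructed sample data (not real tool output) ------------------------
SAMPLE_FINDINGS = [
    Finding("BUFFER_OVERRUN", 90, "src/net/parse.c", 120, "memcpy(buf, pkt, len);",
            ("recv_packet -> parse_header -> memcpy",)),
    Finding("UNUSED_VALUE", 20, "src/util/log.c", 44, "int rc = write_log(msg);"),
    Finding("TAINTED_INDEX", 75, "src/cfg/load.c", 88, "table[idx] = v;"),
    Finding("FORMAT_STRING", 80, "src/cli/main.c", 30, "printf(user_msg);"),
    Finding("NULL_DEREF", 85, "src/cli/main.c", 52, "p->next = q;"),
]

# Baseline recorded on an earlier run; the same warning then sat on line 81.
BASELINE = {Finding("TAINTED_INDEX", 75, "src/cfg/load.c", 81, "table[idx] = v;").fingerprint()}

SUPPRESSIONS = {
    # Hypothetical justification referencing a compensating control.
    Finding("FORMAT_STRING", 80, "src/cli/main.c", 30, "printf(user_msg);").fingerprint():
        "user_msg is a compile-time constant table entry; see threat model TM-12",
    # Empty justification: deliberately rejected by triage().
    Finding("NULL_DEREF", 85, "src/cli/main.c", 52, "p->next = q;").fingerprint(): "",
}


if __name__ == "__main__":
    result = triage(SAMPLE_FINDINGS, BASELINE, SUPPRESSIONS, min_score=60)
    for bucket, items in result.items():
        print(f"{bucket}:")
        for f in items:
            print(f"  [{f.score:3d}] {f.rule} {f.path}:{f.line}  {f.snippet}")
    print("build fails" if build_should_fail(result) else "build passes")
```

Run the script as-is to see the four buckets; in CI, feed it the tool's real export (converted into `Finding` records) and keep the baseline and suppression files under version control so that every deferred or justified warning is reviewable in the same history as the code.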

More from this channel

GrammaTech is a leading global provider of software analysis and testing solutions used by the world's most security conscious organizations to detect, measure, analyze and resolve security and safety vulnerabilities. The company is also a trusted cybersecurity research partner for the nation’s civil, defense, and intelligence communities.