Overview
Discover five essential open source security tools that every developer should be familiar with in this informative conference talk from All Things Open 2022. Learn about the minimum viable security (MVS) approach and how to integrate critical security controls into your CI/CD pipeline using powerful open source tools. Explore Bandit or SEMGrep for static application security testing (SAST), Gitleaks for detecting hard-coded secrets, dependency checks for software composition analysis (SCA), KICS for infrastructure as code (IaC) security, and OWASP's ZAP for API and dynamic application security testing (DAST). Gain insights into implementing custom controls for enforcing multi-factor authentication via Github Security. See code examples demonstrating how to bake security into config files, applications, and CI/CD processes, enabling continuous iteration and evolution of security maturity over time.
Syllabus
5 Open Source Security Tools All Developers Should Know About - Chris Koehnecke & Zach Rice - Jit
Taught by
All Things Open