Overview
Explore an in-depth look at using semgrep, an open-source tool for static code analysis, to enhance application security in this DevConf.CZ 2023 conference talk. Learn how to run semgrep on your codebase, interpret results, and create custom rules to tailor the tool to specific needs while reducing false positives. Discover techniques for integrating semgrep into CI/CD pipelines, automating the process of running static code analysis and catching security vulnerabilities early in development. Gain valuable insights on improving application security through effective Static Application Security Testing (SAST), suitable for developers of all experience levels.
Syllabus
Effective SAST: Secure Code Analysis in the CI/CD - DevConf.CZ 2023
Taught by
DevConf