Explore an in-depth look at using semgrep, an open-source tool for static code analysis, to enhance application security in this DevConf.CZ 2023 conference talk. Learn how to run semgrep on your codebase, interpret results, and create custom rules to tailor the tool to specific needs while reducing false positives. Discover techniques for integrating semgrep into CI/CD pipelines, automating the process of running static code analysis and catching security vulnerabilities early in development. Gain valuable insights on improving application security through effective Static Application Security Testing (SAST), suitable for developers of all experience levels.
Overview
Syllabus
Effective SAST: Secure Code Analysis in the CI/CD - DevConf.CZ 2023
Taught by
DevConf
Related Courses
-
DevSecOps: Adding Security Testing Tools to Pipelines
-
CI - CD With SAST And DAST For Embedded Devices
-
Kube-Native CI/CD Pipelines for Containerized Databases
-
Building a Secure CI/CD Pipeline - Beyond Security Tools Integration
-
Secure Python Development: Tips, Tricks, and Tools
-
A Practical Guide to CI/CD Security Gating
