Explore an in-depth look at using semgrep, an open-source tool for static code analysis, to enhance application security in this DevConf.CZ 2023 conference talk. Learn how to run semgrep on your codebase, interpret results, and create custom rules to tailor the tool to specific needs while reducing false positives. Discover techniques for integrating semgrep into CI/CD pipelines, automating the process of running static code analysis and catching security vulnerabilities early in development. Gain valuable insights on improving application security through effective Static Application Security Testing (SAST), suitable for developers of all experience levels.
Overview
Syllabus
Effective SAST: Secure Code Analysis in the CI/CD - DevConf.CZ 2023
Taught by
DevConf
Related Courses
-
DevSecOps: Adding Security Testing Tools to Pipelines
-
CI - CD With SAST And DAST For Embedded Devices
-
A Practical Guide to CI/CD Security Gating
-
Increase App Confidence Using CI - CD and Infrastructure as Code
-
Improving Dynamic Vulnerability Scanners with Static Code Analysis
-
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security
