5 Steps to Integrate SAST into the DevSecOps Pipeline

Even software with a solid architecture and design can harbor vulnerabilities, whether due to mistakes or shortcuts. But limited security staff don’t have the resources to perform code reviews and provide remediation guidance on the entire application portfolio. Static analysis, also known as static application security testing (SAST), is an automated way to find bugs, back doors, and other code-based vulnerabilities so the team can mitigate those risks.

On Demand (1h 00min)

First, though, you must choose a static analysis model that fits your needs. You might have questions such as these:

  • How do I manage false positives?
  • How do I triage the results?
  • What happens to new issues identified?
  • My scan takes hours to complete. How can I use this tool in my DevSecOps pipeline?
  • What is a “baseline scan”?

Join us as we walk you through the challenges and benefits of integrating a SAST tool into your DevSecOps pipeline and how we’ve helped other organizations with this process.

Featured Speakers

  • Meera Rao
    Senior Principal Consultant

    Meera Rao is a Senior Principal Consultant and serves as the Director for Secure Development Practice at Synopsys, Inc. She plays a vital role in developing customized programs for detecting software defects and leads security initiatives for clients in markets such as healthcare, finance, and aeronautics. She works with complex teams of principal consultants, associate principal consultants, and senior consultants to deliver a wide range of solutions for today’s software security challenges. Meera has led DevSecOps projects with a number of Fortune 500 companies, has helped organizations start and mature their Continuous Integration (CI), Continuous Delivery (CD), Continuous Deployment (CD) and DevOps engineering activities, and has performed security activities including Architecture Risk Analysis, Threat Modeling, Secure Design Review, and Secure Code Review.

  • Eric Bruno
    Contributing Editor
    Dark Reading

    Eric Bruno is a contributing editor to Dark Reading with more than 20 years of experience in the information technology community. He is a highly requested moderator and speaker for a variety of conferences and other events on topics spanning the technology spectrum from the desktop to the data center.
