Effective SAST: Secure Code Analysis in the CI/CD

Explore an in-depth look at using semgrep, an open-source tool for static code analysis, to enhance application security in this DevConf.CZ 2023 conference talk. Learn how to run semgrep on your codebase, interpret results, and create custom rules to tailor the tool to specific needs while reducing false positives. Discover techniques for integrating semgrep into CI/CD pipelines, automating the process of running static code analysis and catching security vulnerabilities early in development. Gain valuable insights on improving application security through effective Static Application Security Testing (SAST), suitable for developers of all experience levels.

Effective SAST: Secure Code Analysis in the CI/CD - DevConf.CZ 2023