The Fundamentals of SAST and DevSecOps

Most Common SAST Challenges

Top SAST Challenges (Source: Perforce)

SAST and DevSecOps

  • Detect code vulnerabilities, compliance issues, and rule violations earlier in the software development cycle.
  • Deliver fast feedback to developers with the precise locations of security vulnerabilities and their cause.
  • Enforce industry and security coding standards (the above-mentioned ones and more).
  • Report on compliance over time and across product versions, branches and deliveries.
Klocwork Sample SAST Report (Source: Perforce)

The Complementary Piece: Safety Compliance

  1. Accurate reporting with minimal false negatives.
  2. Ability to run across large code bases (millions of lines of code, LOC) and advanced architectures.
  3. Integration with CI/CD pipelines and IDEs that fits the development process (see the process example below).
  4. Custom reporting abilities and rules that give proper visibility into the main issues and product risks (see the report sample above).
  5. Continuous compliance, staying up to date with all major coding and safety standards as they change regularly.
  6. Advanced code scanning abilities such as differential analysis: scanning only the delta of the code that was changed against an existing baseline, which saves time and keeps the focus on the changes.
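As an added illustration of the differential analysis and baseline handling described in item 6 (example code written for this page, not Klocwork's or Perforce's implementation), the snippet fingerprints findings independently of line numbers, parses a unified diff for the lines a change touches, and reports only findings that are both absent from the baseline scan and located in the changed code. The diff, the findings and their rule ids are constructed sample data; a real tool would load them from its scan output.

```python
import hashlib
import re
from collections import namedtuple

# rule = checker id (CWE or coding-standard rule); path/line = location in the current revision; snippet = flagged source line
Finding = namedtuple("Finding", "rule path line snippet")
def fingerprint(f: Finding) -> str:
    # Rule + path + whitespace-normalised snippet, so the identity survives edits that shift lines.
    norm = " ".join(f.snippet.split())
    return hashlib.sha256(f"{f.rule}|{f.path}|{norm}".encode()).hexdigest()
def changed_lines(unified_diff: str) -> dict[str, set[int]]:
    """Map each file in a unified diff to the new-revision line numbers it adds or changes."""
    changed: dict[str, set[int]] = {}
    path, new_line = None, 0
    for raw in unified_diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif m := re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw):
            new_line = int(m.group(1))  # first new-file line of this hunk
        elif path is None or raw.startswith("-"):
            continue                    # file headers, or a removed line (no new-file number)
        elif raw.startswith("+"):
            changed.setdefault(path, set()).add(new_line)
            new_line += 1
        else:
            new_line += 1               # unchanged context line
    return changed
def new_findings(current, baseline):
    """Findings whose fingerprint is absent from the baseline scan."""
    seen = {fingerprint(b) for b in baseline}
    return [f for f in current if fingerprint(f) not in seen]
def differential(current, baseline, unified_diff):
    """New findings that also sit on a line touched by the change under review."""
    touched = changed_lines(unified_diff)
    return [f for f in new_findings(current, baseline) if f.line in touched.get(f.path, set())]

# Constructed sample: one hunk in src/auth.c, a baseline scan, and the current scan.
SAMPLE_DIFF = """--- a/src/auth.c
+++ b/src/auth.c
@@ -11,3 +11,3 @@ int login(const char *user)
     char buf[64];
-    strncpy(buf, user, sizeof buf);
+    strcpy(buf, user);
     return check(buf);
"""
BASELINE = [Finding("CWE-120", "src/auth.c", 29, "sprintf(out,  fmt,   x);")]
CURRENT = [Finding("CWE-120", "src/auth.c", 12, "strcpy(buf, user);"),   # introduced here
           Finding("CWE-120", "src/auth.c", 30, "sprintf(out, fmt, x);"),  # old, line shifted
           Finding("CWE-476", "src/other.c", 5, "*p = 0;")]               # new, outside change
```

Running `differential(CURRENT, BASELINE, SAMPLE_DIFF)` keeps only the strcpy finding: the sprintf finding matches the baseline despite its shifted line number, and the other.c finding is new but outside the reviewed change, so a full scan is still needed to catch it.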

Bottom Line


Chief DevOps evangelist, speaker, Author at Perforce. Specializes in software testing for mobile and web, and SAST. My blog: https://continuoustesting.dev/
