Falling in love with static analysis

Falling in love with static analysis

Description:

As a developer, chances are you are aware how much static code analysis tools could help you to secure the application, yet beside simple linters you do not use them to their full extent. Maybe you even circumvent them when possible. The reasons for this are that most of these tools are slow, generate massive amounts of false alarms and the real alarms are complex and not actionable. Commonly, these tools produce reports that might serve post-development audits, but fail to integrate in your daily workflow and are painful to use. You are not alone.

In this session, we want to show you the life of a pull request and follow your workflow. First, we want to remedy as many security issues as possible before the code is pushed. Then we will show you how Snyk Code helps to secure the rest of the SDLC. We will show you how Snyk Code provides security insight when and where you need it during development, code review and in the CI/CD pipeline. We will leave you with some practical advice on how to review and modernize the development process.

Speakers:

Noa Moshe

Solutions Engineer, Snyk

Elad Yaakov

Product Manager, Snyk

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon