Friday, May 11, 2018

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Time and again, clients have asked me how to integrate SAST tools into their DevSecOps pipeline. They ask key questions like these: How do I manage false positives? How do I triage the results? What happens to newly identified issues? My scan takes 4–5 hours to complete; how can I use this tool in my DevSecOps pipeline? What do you mean by “baseline scan”? A decade-long experience deploying application security tools has helped me document answers to several of my clients' questions. If these are the questions you are asking, and you’re concerned about integrating a SAST tool into your DevSecOps pipeline, read on.

