Gitting Down to the Issue - Closing the Feedback Loop with Automation

Description:

This session focuses on how security professionals are beginning to provide "pipelines-as-a-service", a shift that has necessitated a product / service-oriented mindset, even for internal teams. A structured approach to leveraging continuous integration tools to incorporate not only Snyk Open Source, but security tools in general, into the application development lifecycle will be reviewed. A demonstration will show how APIs, functions, and scripts can be used to provide (Snyk) scan output as a GitHub Issue, allowing feedback to be given and discussion to take place prior to a Pull Request event. This presentation will also discuss some of the practical challenges related to "privatizing" the code for pipelines, pipeline performance, and secret management, as they were faced while adopting the approach at enterprise scale.

Speaker:

David Wiggs

Manager, Bain


© 2024 Snyk Limited
All rights reserved
