Securing Open Source pipeline using Plug-n-Play Scanning

0 minutes de lecture

| Talk |

Amol Deshpande, Product Security Engineer, Sales Force

Salesforce believes in giving back to the community, and one of the ways engineers can give back is by open sourcing the work they have done so that other individuals can benefit from it.

Until July 2020, the requests to open source any internal Salesforce work were reviewed by Product Security manually and it soon became a bottleneck. We developed an automation service that seamlessly connects with the internal task-tracking system and internal security tools to provide a consolidated scan report of the repository to be open-sourced saving at least 150 hours of manual work per year.

This framework can now be extended to be a plug and play security scanning/testing framework capable of incorporating any tool.

Curious for more? Learn why Snyk is loved by both developers and security teams and how you can secure your open source projects and entire Cloud Native Application Stack.

Up Next

Why can’t we simply add a button that does X?

Making the impossible work with minimal resources is a great accomplishment by our engineers. But what if… Let me show you how all of us make the same mistake over and over again.

Poursuivre la lecture

Snyk est une plateforme de sécurité des développeurs. S’intégrant directement aux outils, workflows et pipelines de développement, Snyk facilite la détection, la priorisation et la correction des failles de sécurité dans le code, les dépendances, les conteneurs et l’infrastructure en tant que code (IaC). Soutenu par une intelligence applicative et sécuritaire de pointe, Snyk intègre l'expertise de la sécurité au sein des outils de chaque développeur.

Démarrez gratuitementRéservez une démo en ligne

© 2024 Snyk Limited
Enregistré en Angleterre et au Pays de Galles