Falling in love with static analysis

Description:

As a developer, chances are you are aware of how much static code analysis tools could help you secure your application, yet besides simple linters you do not use them to their full extent. Maybe you even circumvent them when possible. The reasons are that most of these tools are slow and generate massive amounts of false alarms, while the real alarms are complex and not actionable. Commonly, these tools produce reports that might serve post-development audits, but they fail to integrate into your daily workflow and are painful to use. You are not alone.

In this session, we want to show you the life of a pull request and follow your workflow. First, we want to remedy as many security issues as possible before the code is pushed. Then we will show you how Snyk Code helps to secure the rest of the SDLC. We will show you how Snyk Code provides security insight when and where you need it during development, code review and in the CI/CD pipeline. We will leave you with some practical advice on how to review and modernize the development process.

Speakers:

Noa Moshe

Solutions Engineer, Snyk

Elad Yaakov

Product Manager, Snyk

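Snyk is a developer security platform. Snyk is a tool that not only finds vulnerabilities in code, open source and its dependencies, containers, and IaC (Infrastructure as Code), but also prioritizes and fixes them. Built on a world-leading vulnerability database, it provides Snyk's expert knowledge of vulnerabilities.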

© 2024 Snyk Limited
Registered in England and Wales