Gitting Down to the Issue - Closing the Feedback Loop with Automation

Description:

This session focuses on how security professionals are beginning to provide "pipelines-as-a-service", a shift that has necessitated a product / service-oriented mindset, even for internal teams. It reviews a structured approach to leveraging continuous integration tools to incorporate not only Snyk Open Source, but security tools in general, into the application development lifecycle. A demonstration shows how APIs, functions, and scripts can be used to provide (Snyk) scan output as a GitHub Issue, allowing feedback to be given and discussion to take place prior to a Pull Request event. The presentation also discusses some of the practical challenges related to "privatizing" the code for pipelines, pipeline performance, and secret management, as they were faced while adopting the approach at an enterprise scale.

Speakers:

David Wiggs

Manager, Bain

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.
