Slack on scaling static analysis with Semgrep

Slack’s DEF CON 29 AppSec Village presentation

August 10th, 2021

In this video, Erin Browning and Tim Faraci from Slack present at DEF CON 29 AppSec Village. Highlights include:

  • Keeping developers happy with fast scan results

  • Thinking beyond the compliance checkbox

  • Dealing with false positives

  • Integrating scanning into the developer and security workflows

  • Calibrating metrics and performance targets

Enjoy!
