Slack on scaling static analysis with Semgrep

Slack’s DEF CON 29 AppSec Village presentation
Pablo Estrada
August 10, 2021

In this video, Erin Browning and Tim Faraci from Slack present at DEF CON 29 AppSec Village. Highlights include:

  • Keeping developers happy with fast scan results

  • Thinking beyond the compliance checkbox

  • Dealing with false positives

  • Integrating scanning into the developer and security workflows

  • Calibrating metrics and performance targets

Enjoy!

About

Semgrep is a fast, open-source, static analysis tool for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.