In this video, Erin Browning and Tim Faraci from Slack present at the DEF CON 29 AppSec Village. Highlights include:
Keeping developers happy with fast scan results
Thinking beyond the compliance checkbox
Dealing with false positives
Integrating scanning into the developer and security workflows
Calibrating metrics and performance targets
Enjoy!
About
Semgrep is a fast, open-source, code scanning tool for finding bugs, detecting dependency vulnerabilities, and enforcing code standards.