How to Keep Your Code Safe Within the DevOps Culture Using Open Source Tools

A practical demonstration of how a developer can use a SAST tool for static analysis of code vulnerabilities, running it against source code, byte code and/or binaries to identify security holes during the development process, across many languages and code bases.

The ecosystem will have the opportunity to learn about an open source tool that orchestrates other security tools, identifies security flaws or vulnerabilities in projects, and puts all results in a database for analysis and generation of metrics. The analysis works by selecting the languages and/or tools to be used on the project based on the available stack. These languages and tools are: Python, Ruby, JavaScript/TypeScript, GoLang, C#, Java, Kotlin, Kubernetes, Terraform, Leaks, Leaks (optional search in git history), PHP, C, HTML, JSON, Shell Script and Elixir, analyzed as source code, byte code or binary. The "Leaks" check scans the source code for possible leaks of credentials, private keys or hard-coded passwords, and the tool also analyzes the project's dependencies to check for vulnerabilities in third-party libraries.
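As an added illustration (not code from the talk or from the tool it describes), this Python sketch mirrors the pipeline the abstract outlines: detect the stack by file extension, pick analyzers for it, run a leaks check for credentials, private keys and hard-coded passwords, and store the findings in a database to derive metrics. The analyzer names, the leak rules and the sample project are constructed assumptions.

```python
import re
import sqlite3
import tempfile
from pathlib import Path

# Extension -> language (subset of the listed stack); ANALYZERS maps a language to a hypothetical tool name
STACK = {".py": "Python", ".go": "GoLang", ".java": "Java", ".tf": "Terraform", ".php": "PHP", ".sh": "Shell Script"}
ANALYZERS = {"Python": "py-sast", "GoLang": "go-sast", "Terraform": "iac-sast", "Shell Script": "sh-sast"}
LEAK_RULES = {  # the "Leaks" check: hard-coded passwords, private keys, cloud credentials
    "hardcoded password": re.compile(r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{4,}['\"]"),
    "private key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

def detect_stack(root):
    """Languages present in the project, decided by file extension."""
    return sorted({STACK[p.suffix] for p in Path(root).rglob("*") if p.is_file() and p.suffix in STACK})

def select_tools(languages):
    """Analyzers to orchestrate for this stack; the leaks check always runs."""
    return ["leaks"] + sorted({ANALYZERS[lang] for lang in languages if lang in ANALYZERS})

def leaks_check(root):
    """One finding per source line that matches a leak rule."""
    findings = []
    for p in (q for q in Path(root).rglob("*") if q.is_file()):
        for n, line in enumerate(p.read_text(errors="ignore").splitlines(), 1):
            for rule, rx in LEAK_RULES.items():
                if rx.search(line):
                    findings.append({"tool": "leaks", "file": str(p.relative_to(root)), "line": n, "rule": rule})
    return findings

def store_and_count(findings, db_path=":memory:"):
    """Persist findings in SQLite (the results database) and return per-rule counts as a metric."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS findings (tool TEXT, file TEXT, line INTEGER, rule TEXT)")
    conn.executemany("INSERT INTO findings VALUES (:tool, :file, :line, :rule)", findings)
    conn.commit()
    return dict(conn.execute("SELECT rule, COUNT(*) FROM findings GROUP BY rule").fetchall())

def demo():
    """Runs the pipeline over a constructed sample project (fake values, not a real repository)."""
    root = Path(tempfile.mkdtemp())
    (root / "app.py").write_text("DB_PASSWORD = 'hunter2-dev'\nprint('ok')\n")
    (root / "main.tf").write_text('access_key = "AKIAIOSFODNN7EXAMPLE"\n')  # AWS's published example id
    (root / "deploy.sh").write_text("#!/bin/sh\necho '-----BEGIN RSA PRIVATE KEY-----' > key\n")
    stack = detect_stack(root)
    findings = leaks_check(root)
    return stack, select_tools(stack), findings, store_and_count(findings)
```

Calling `demo()` returns the detected stack, the tools selected for it, the three leak findings and their per-rule counts.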

Speaker


Filipi Pires

I’ve been working as a Security and Threat Researcher at Saporo and Cybersecurity Advocate at senhasegura, Snyk Ambassador, Application Security Specialist, Hacking is NOT a crime Advocate and RedTeam ...