Session Name: First steps away from YOLO-driven development: get started today with free, open-source tools

You know that it’s important to build security checks into your build pipeline, but how do you get started? The biggest source of low-hanging fruit is security vulnerabilities introduced by project dependencies. There are many free and open-source (FOSS) tools that scan your application’s dependencies for known vulnerabilities, and which can be quickly integrated into a typical development environment.

Scan tools are available for most popular ecosystems (JavaScript, Go, Ruby, and Python, to name a few) and even for Docker projects. This talk will illuminate the landscape of free tools and vulnerability databases across various languages and ecosystems. We will cover what to look for in a tool, how the scan process typically works, and what to do with the scan results.

This talk will focus on CLI tools that can be run within a development environment, and will include at least one live demo using a vulnerability scanning tool with a real-world project.

Speaker Bio:

Brittany is a web application developer with experience building web solutions in various industries, including academia, oil and gas, equity compensation, and DevSecOps. She published her first website when she was twelve years old, and has loved web development ever since.