Static analysis tools are often used by a separate QA or security team, but recent advances enable tight integration into agile development processes, shifting left the detection of critical errors. This talk reviews these advances, highlighting examples from Google and Facebook, and summarizes the commercial landscape, concluding with best practices for companies adopting static analysis tools.
OPEN TALK: Dog Food for Open Source Security: What Tools Are Worth Eating?
Sal heads developer relations for open source at Sonatype and is passionate about helping engineers, ethical hackers and digital enthusiasts understand the complexity of modern software development. With over a decade of experience as a machine learning engineer in the healthcare and tech-for-good sectors, their work is now focused on filling the cracks in the open source software supply chain to build a better digital future for all of us. By day, you'll find Sal working with site reliability engineers, DevOps and cybersecurity specialists to implement the best tools and practices to remove toil from developer workflows. By night, you'll find Sal mentoring the next generation of engineers in cloud computing from around the globe, helping them to make the world a better place through the clever use of math.