Session: 5 Open Source Security Tools All Developers Should Know About

The minimum viable security (MVS) approach enables us to bake security into our config files, apps and CI/CD processes with a few simple controls, and the great part is that it is easily achievable through open source tooling.

This talk will focus on 5 critical security controls integrated into the CI/CD pipeline by leveraging some excellent open source tools: Bandit or Semgrep for static application security testing (SAST), Gitleaks to detect hard-coded or insufficiently secured secrets, dependency checks (software composition analysis, SCA), KICS for infrastructure as code (IaC) scanning and OWASP ZAP for API and dynamic application security testing (DAST), as well as custom controls to ensure proper enforcement of MFA via GitHub. These tools provide a foundational framework for securing your apps from the first line of code, making it possible to continuously iterate and evolve security maturity over time.
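The controls above only pay off if the pipeline actually stops on what the scanners find. The following is an added example, not code from the session or from any of the tools' projects: a small policy gate that reads the JSON reports Bandit (SAST) and Gitleaks (secret detection) write and decides whether the build may continue. The report shapes are modelled on those tools' JSON output as I know it (Bandit: a top-level `results` list with `issue_severity` and `issue_confidence`; Gitleaks: a list of findings with `RuleID`, `File`, `StartLine`); the sample reports, thresholds and allow-list are constructed for the example.

```python
"""Break-the-build gate over Bandit and Gitleaks JSON reports (added example)."""
import json
import sys

# Bandit reports severity and confidence as LOW / MEDIUM / HIGH (UNDEFINED maps to 0 here).
RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample Bandit report (shape modelled on `bandit -f json`).
BANDIT_REPORT = json.dumps({
    "results": [
        {"filename": "app/db.py", "line_number": 42, "test_id": "B608",
         "issue_severity": "MEDIUM", "issue_confidence": "LOW",
         "issue_text": "Possible SQL injection vector through string-based query construction."},
        {"filename": "app/util.py", "line_number": 7, "test_id": "B301",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "Pickle can be unsafe when used to deserialize untrusted data."},
        {"filename": "tests/test_x.py", "line_number": 3, "test_id": "B101",
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "issue_text": "Use of assert detected."},
    ]
})

# Constructed sample Gitleaks report (shape modelled on `gitleaks detect --report-format json`).
GITLEAKS_REPORT = json.dumps([
    {"RuleID": "generic-api-key", "File": "config/settings.py", "StartLine": 12,
     "Description": "Generic API Key", "Secret": "<redacted-sample>"},
])


def bandit_violations(report_json, min_severity="MEDIUM", min_confidence="MEDIUM"):
    """Return Bandit results at or above BOTH thresholds (noise below them is reported, not blocking)."""
    report = json.loads(report_json) if report_json.strip() else {}
    sev, conf = RANK[min_severity], RANK[min_confidence]
    return [r for r in report.get("results", [])
            if RANK.get(r.get("issue_severity"), 0) >= sev
            and RANK.get(r.get("issue_confidence"), 0) >= conf]


def gitleaks_violations(report_json, allowlist=()):
    """Return Gitleaks findings not covered by an explicit (RuleID, File) allow-list.

    Gitleaks writes an empty list (or nothing) when no leaks are found; both are handled.
    """
    findings = json.loads(report_json) if report_json.strip() else []
    allowed = set(allowlist)
    return [f for f in (findings or []) if (f["RuleID"], f["File"]) not in allowed]


def evaluate_gate(bandit_json, gitleaks_json, min_severity="MEDIUM",
                  min_confidence="MEDIUM", allowlist=()):
    """Apply the policy and return (passed, reasons); reasons are printable lines for the CI log."""
    reasons = []
    for r in bandit_violations(bandit_json, min_severity, min_confidence):
        reasons.append(f"SAST {r['test_id']} {r['issue_severity']}/{r['issue_confidence']} "
                       f"{r['filename']}:{r['line_number']} {r['issue_text']}")
    for f in gitleaks_violations(gitleaks_json, allowlist):
        # Never echo the secret itself into the build log; location and rule are enough.
        reasons.append(f"SECRET {f['RuleID']} {f['File']}:{f['StartLine']} {f['Description']}")
    return (not reasons), reasons


def main(argv):
    """Usage: gate.py bandit.json gitleaks.json  (falls back to the constructed samples)."""
    if len(argv) == 3:
        with open(argv[1]) as fb, open(argv[2]) as fg:
            bandit_json, gitleaks_json = fb.read(), fg.read()
    else:
        bandit_json, gitleaks_json = BANDIT_REPORT, GITLEAKS_REPORT
    passed, reasons = evaluate_gate(bandit_json, gitleaks_json)
    for line in reasons:
        print(line)
    print("gate:", "PASS" if passed else "FAIL")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a step after the scanners in the pipeline and let its non-zero exit status fail the job. The MEDIUM/MEDIUM default keeps low-confidence SAST hits visible in the log without blocking merges, while any secret finding blocks unless it is explicitly allow-listed by rule and file, which keeps exceptions reviewable in version control rather than silently disabled.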

Code examples will be showcased as part of this session.
