Session: 5 Open Source Security Tools All Developers Should Know About

The minimum viable security (MVS) approach, enables us to easily bake security into our config files, apps, & CI/CD processes with a few simple controls built – and the great part? It’s easily achievable through open source tooling.

This talk will focus on 5 critical security controls that will be integrated as part of the CI/CD pipeline by leveraging some excellent open source tools, including: Bandit or SEMGrep for static application security (SAST), Gitleaks to detect hard-coded or insufficiently secured secrets & dependency checks (SCA), KICS for infrastructure as code (IaC) and OWASP’s ZAP for API and dynamic application security (DAST), as well as custom controls to ensure proper enforcement of MFA via Github Security. These tools provide a foundational framework for securing your apps from the first LoC, making it possible to continuously iterate & evolve security maturity over time.

Code examples will be showcased as part of this session.


This track proudly sponsored by