
GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST)

8.3K views
Feb 1, 2023
17:52

How to do Static Application Security Testing (SAST) 🛡️ in GitHub and succeed with this critical security configuration.

Part 5/12: In this video, Padi and I will show you how to find vulnerabilities in your code using Static Application Security Testing (SAST) in GitHub.

▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
00:00 Welcome
00:27 Intro
00:33 DevSecOps with GitHub
01:05 About SAST
03:15 How to Implement SAST with GitHub
05:16 Add SAST to Main-Pipeline.yml
06:10 Create sast.yml
07:40 SAST with CodeQL
09:54 SAST with SpotBugs
10:49 SAST with Semgrep
12:23 Pipeline results
13:27 CodeQL findings
14:17 Semgrep findings
15:16 What didn't we find with these tools?
16:47 Summary

▬▬▬▬▬▬ L I N K S 🔗 ▬▬▬▬▬▬
Source Code https://github.com/romanoroth/GitHubDevSecOps
Blog-Post https://www.romanoroth.com/post/gitlab-vs-github-devsecops
GitHub https://github.com/
Patrick Steger https://www.linkedin.com/in/patrick-steger-ch/
Static Application Security Testing (SAST) in GitHub https://github.com/features/security/code

▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬
GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA
GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA
GitHub: DevSecOps: Part 3/12: Learn How to Use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo
GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ
GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk

▬▬▬▬▬▬ S U B S C R I B E 🔔 ▬▬▬▬▬▬
https://www.youtube.com/channel/UCXvlc9x4zlv5DEqbby55Ivg?sub_confirmation=1

▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
LINKEDIN ► https://www.linkedin.com/in/romanoroth/
TWITTER ► https://twitter.com/RomanoRoth
INSTAGRAM ► https://www.instagram.com/romanoroth/
FACEBOOK ► https://www.facebook.com/romanoroth/
MEETUP ► https://www.meetup.com/de-DE/DevOps-Meetup-Zurich/
CONFERENCE ► https://www.devopsdays.ch/
HOMEPAGE ► https://www.romanoroth.com/

▬▬▬▬▬▬ P L A Y L I S T S ▶️ ▬▬▬▬▬▬
Modern Software Engineering https://www.youtube.com/playlist?list=PLrsbMazVPK_rb56rZQr2fyBGR3cyanZpX
DevOps https://www.youtube.com/playlist?list=PLrsbMazVPK_ro3fn1G-3Ui2mBPHxOD9kF
GitLab: Build a DevSecOps Pipeline https://www.youtube.com/playlist?list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P

#devsecops #devops #github #romanoroth

