#sast

DevOps
from Medium
1 day ago

Building Secure Data Pipelines: Where SAST Fits in the Development Lifecycle

Data pipelines move sensitive data across systems and are vulnerable; SAST scans pipeline code, configs, and infrastructure to catch flaws before production.
Information security
from InfoWorld
2 months ago

What happens when you add AI to SAST

AI agents with multi-modal analysis in SAST dramatically reduce false positives and false negatives inherent in traditional and rules-based SAST tools.
#application-security
from InfoQ
3 months ago

LinkedIn Leverages GitHub Actions, CodeQL, and Semgrep for Code Scanning

LinkedIn has redesigned its static application security testing pipeline (SAST) to provide consistent, enforceable code scanning across a GitHub-based, multi-repository development environment. The initiative was a result of the company's shift-left strategy by delivering fast, reliable, and actionable security feedback directly in pull requests, strengthening the security of LinkedIn's code and infrastructure and helping protect members and customers.
Information security
from InfoWorld
5 months ago

How pairing SAST with AI dramatically reduces false positives in code security

A hybrid Semgrep plus fine-tuned Llama 3 triage pipeline reduces SAST false positives and raises precision to 89.5%, producing actionable findings.