Sign up to save your podcasts
Or
Share #SecurityCulture: Static Analysis
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
#SecurityCulture: Static Analysis
Welcome to the 6th episode of our Security Culture Campaign! On today’s show Matt Konda talks Static Analysis.
There are a lot of static analysis tools out there. The simplest might be eslint , for which there are even security rulesets - the docs for which have some handy illustrations for the types of things these tools can find.
We recommend:
Using a linter locally in your code editor if applicable - but only if applicable
Using a static analysis tool in your CI/CD pipeline - if it finds useful things
Assuming you may need to spend time tuning the tool to get the results you want
Start with free tools and build the process and habit, then consider using commercial tools
Augment static analysis with code review
Consider an assisted code review strategy
Read more on the blog.
Click here for the associated YouTube video.
The Jemurai Security Culture Campaign Series is a stream of topical content released every Thursday intended to help developers think about security in a particular area. The content will be available in associated videos, podcasts and blog posts.
Click here to request a topic.
View all episodes
By JemuraiWelcome to the 6th episode of our Security Culture Campaign! On today’s show Matt Konda talks Static Analysis.
There are a lot of static analysis tools out there. The simplest might be eslint , for which there are even security rulesets - the docs for which have some handy illustrations for the types of things these tools can find.
We recommend:
Using a linter locally in your code editor if applicable - but only if applicable
Using a static analysis tool in your CI/CD pipeline - if it finds useful things
Assuming you may need to spend time tuning the tool to get the results you want
Start with free tools and build the process and habit, then consider using commercial tools
Augment static analysis with code review
Consider an assisted code review strategy
Read more on the blog.
Click here for the associated YouTube video.
The Jemurai Security Culture Campaign Series is a stream of topical content released every Thursday intended to help developers think about security in a particular area. The content will be available in associated videos, podcasts and blog posts.
Click here to request a topic.