2021-11-11

Shifting QA Left: Emerging Trends in Code Quality and Security Automation

Watch on demand.

What will be covered

Historically, static analysis has been widely used to identify defined sets of security issues via overnight runs across entire codebases as part of a separate "quality assurance (QA)" phase.

A recent trend has been the evolution of static analysis methods and tools to: 1) become much more scalable and 2) broaden their scope to include searching for performance and reliability issues in addition to security-relevant bugs. These improvements allow a much tighter integration into modern agile development processes, shifting the detection of reliability and security issues left. Google and Facebook have pioneered this new model of static analysis, which involves broad deployment of extremely scalable analysis tools (billions of lines of code, thousands of commits per day), and have collected and published extensive data on its impact on code quality. Amazon has also used static analysis to streamline certification and compliance tasks. With development teams more distributed than ever, static analysis tools become increasingly critical for development organizations to overcome the loss of productivity and the risk to code quality.

This talk will review these recent developments as well as the history of static analysis in commercial software development and its evolution in the academic world. It will provide an overview of the current open source tool landscape and conclude with best practices for organizations looking to bring static analysis into their development environment.

______________________________________________________________________________


Sal Kimmich

Developer Advocate - Sonatype

Sal is a developer advocate for open source at Sonatype and is passionate about helping engineers, ethical hackers and digital enthusiasts understand the complexity of modern software development. With over a decade of experience building cloud-native machine learning pipelines in the health care and tech-for-good sectors, their work is now focused on filling the cracks in the open source software supply chain to build a better digital future for all of us. By day, you'll find Sal working with site reliability engineers, DevOps and cybersecurity specialists to implement tools and best practices to remove toil from developer workflows. By night, you'll find Sal mentoring the next generation of engineers in cloud computing from around the globe, helping them to make the world a better place through the clever use of math.
