You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We want to demo the static analysis tool called Semgrep. In the demo we will:
- Connect Semgrep to a Github repo
- Run Semgrep, with the basic rule-set, on the repo
- Show and explain the information given by Semgrep
- Create a custom rule that can be used with Semgrep
We will also explain why it is important to use static analysis tools for DevSecOps.
**Relevance**
There are hundreds of different vulnerabilities that exist and it's therefor difficult for your average developer to know of and remember all of them. To know why and how to use static analysis tools to identify vulnerabilities is important to combat this problem.
