How to connect both static and dynamic security scan to the existing CI (Continuous Integration) processes

Abstract:

Continuous Integration (CI) is a key agile software engineering practice where members of a team, or teams in a project, integrate their work frequently. In order to achieve Usable Software each Sprint a CI process has to be clearly defined and implemented. The problem today is the lake of frequency of scanning static code (using HP Fortify) and dynamic scan (using IBM AppSCan). Therefore It’s not connected to CI processes often,

Speakers:

Nir is a DevOps lead at SAP Labs Israel where he is responsible for CI and development operations for various on-premise and on-demand SAP products. He has rich experience with Cloud Operations, Continuous Integration, Source Control Management (SCM), quality processes and software delivery in short cycles.