Live Q&A - Optimizing the Developer DevSecOps Experience for Embedded Systems
Thanks Mark, great presentation and discussion. I can relate to much of it. I was mandated to use Parasoft and Checkmarx, which I found awkward to use, especially when ran infrequently and you forget how. As they were ran occasionally towards the end of the project, they produced mountains of haystacks. So I get the idea of being able to filter out what’s new or relevant on a branch, and just staying on top of it daily. I find there’s often a lot of marketing hype and training needed for SAST tools, all I want to do is download it and try it locally for 10 mins. It seems to point to qualified code generation from a model (or using it for the code generator), to minimise coding errors in the first place.
Excellent presentation!
Thanks @dcblack, I will certainly keep this in mind/
Here are the links as well:
https://gitlab.com/codesonar/examples
Open source projects with GitLab pipelines
https://codesecure.com/trial-request/
Request access to the CodeSonar results
Provide your GitLab id and you will be able to work on MRs
https://www.youtube.com/@CodeSecure_
Detailed videos
You should refer to the PDF provided and the links in the PDF should be clickable (not just copy/paste). Perhaps a simple QRcode to a page with all the links in one place.
Excellent session, critically important today more than ever.