Home > On-Demand Archives > Theatre Talks >
Optimizing the Developer DevSecOps Experience for Embedded Systems
Mark Hermeling - CodeSecure - Watch Now - EOC 2025 - Duration: 27:12

Providing software developers with flexible, fast workflows in which they receive the information they need at the time they need it is crucial, especially in embedded systems.
Embedded systems have strict security, safety, and quality standards to adhere to. Building guidance for these standards into the workflow makes developers more efficient, allows them to learn as they go, and ultimately reduces risk while helping the team meet deadlines.
These workflows include static and dynamic testing, testing on hardware, server-based and local build options, as well as hardware-based debug workflows.
GitLab has extensive support to automate all these actions, which is what we’ll demonstrate during this presentation.
- Drive all actions through an IDE (VS Code)
- Use Merge Requests to track all actions
- Use AI to automate common programming tasks
- Use Security Policies to drive security fixes before merges
- Find deep security findings and remediate them easily using CodeSonar
- Automate testing on hardware in a remote hardware lab
This in-workflow pipeline automation saves engineers many hours per month, allowing them to spend more time building secure and safe software.
All artifacts used during this presentation are publicly available, and links will be provided.
Thanks Mark, great presentation and discussion. I can relate to much of it. I was mandated to use Parasoft and Checkmarx, which I found awkward to use, especially when ran infrequently and you forget how. As they were ran occasionally towards the end of the project, they produced mountains of haystacks. So I get the idea of being able to filter out what’s new or relevant on a branch, and just staying on top of it daily. I find there’s often a lot of marketing hype and training needed for SAST tools, all I want to do is download it and try it locally for 10 mins. It seems to point to qualified code generation from a model (or using it for the code generator), to minimise coding errors in the first place.
Excellent presentation!
Thanks @dcblack, I will certainly keep this in mind/
Here are the links as well:
https://gitlab.com/codesonar/examples
Open source projects with GitLab pipelines
https://codesecure.com/trial-request/
Request access to the CodeSonar results
Provide your GitLab id and you will be able to work on MRs
https://www.youtube.com/@CodeSecure_
Detailed videos
You should refer to the PDF provided and the links in the PDF should be clickable (not just copy/paste). Perhaps a simple QRcode to a page with all the links in one place.
Excellent session, critically important today more than ever.