Optimizing the Developer DevSecOps Experience for Embedded Systems

Mark Hermeling - CodeSecure - EOC 2025 - Duration: 27:12

Providing software developers with flexible, fast workflows in which they receive the information they need at the time they need it is crucial, especially in embedded systems.

Embedded systems have strict security, safety, and quality standards to adhere to. Building guidance for these standards into the workflow makes developers more efficient, allows them to learn as they go, and ultimately reduces risk while helping the team meet deadlines.

These workflows include static and dynamic testing, testing on hardware, server-based and local build options, as well as hardware-based debug workflows.

GitLab has extensive support to automate all these actions, which is what we’ll demonstrate during this presentation.

  • Drive all actions through an IDE (VS Code)
  • Use Merge Requests to track all actions
  • Use AI to automate common programming tasks
  • Use Security Policies to drive security fixes before merges
  • Find deep security findings and remediate them easily using CodeSonar
  • Automate testing on hardware in a remote hardware lab

This in-workflow pipeline automation saves engineers many hours per month, allowing them to spend more time building secure and safe software.

All artifacts used during this presentation are publicly available, and links will be provided.

glennk
Score: 0 | 2 weeks ago | no reply

Excellent session, critically important today more than ever.

SimonSmith
Score: 1 | 2 weeks ago | no reply

Thanks Mark, great presentation and discussion. I can relate to much of it. I was mandated to use Parasoft and Checkmarx, which I found awkward to use, especially when run infrequently and you forget how. As they were run occasionally towards the end of the project, they produced mountains of haystacks. So I get the idea of being able to filter out what’s new or relevant on a branch, and just staying on top of it daily. I find there’s often a lot of marketing hype and training needed for SAST tools; all I want to do is download it and try it locally for 10 mins. It seems to point to qualified code generation from a model (or using it for the code generator), to minimise coding errors in the first place.

datamstr
Score: 1 | 3 weeks ago | no reply

Excellent presentation!

Mark Hermeling (Speaker)
Score: 0 | 3 weeks ago | no reply

Thanks @dcblack, I will certainly keep this in mind.

Here are the links as well:
https://gitlab.com/codesonar/examples
Open source projects with GitLab pipelines
https://codesecure.com/trial-request/
Request access to the CodeSonar results
Provide your GitLab id and you will be able to work on MRs
https://www.youtube.com/@CodeSecure_
Detailed videos

dcblack
Score: 1 | 3 weeks ago | no reply

You should refer to the PDF provided and the links in the PDF should be clickable (not just copy/paste). Perhaps a simple QR code to a page with all the links in one place.
