Tag

SAST


Cloud Native Technology Community
Sep 7, 2023 · Information Security

Kubernetes Security Testing: Importance, Methods, and Best Practices

This article explains why security testing is critical for Kubernetes clusters, outlines key testing approaches such as SAST, DAST, container image scanning, configuration audits, and network policy testing, and provides practical steps for integrating these methods into CI/CD pipelines to ensure robust cloud‑native security.

Configuration Audit · Container Scanning · DAST
0 likes · 9 min read
DevOps
Aug 26, 2022 · Information Security

Security Testing Practices in DevSecOps and Huawei Cloud

The article explains the importance of security testing within DevSecOps, outlines key testing methods such as SAST, DAST, IAST, and SCA, discusses penetration testing, and describes Huawei Cloud's comprehensive security testing framework and practices for ensuring software safety in modern development pipelines.

DAST · DevSecOps · IAST
0 likes · 13 min read
DevOps
Jan 21, 2022 · Information Security

Enterprise DevSecOps: Integrating Security into DevOps

This article provides a comprehensive guide to implementing DevSecOps in enterprises, covering fundamental principles, collaboration between security and development teams, integration of security testing, building a secure toolchain, and practical strategies for scaling security within DevOps pipelines.

DevSecOps · SAST · SDLC
0 likes · 62 min read
DevOps Engineer
Nov 10, 2021 · Information Security

Guide to Using Synopsys Polaris SaaS for Static Application Security Testing (SAST)

This article explains what Synopsys Polaris is, lists the programming languages it supports, describes how to access the SaaS platform, install the CLI, configure the polaris.yml file with capture and analysis settings, and run scans to obtain detailed vulnerability reports.

Code Scanning · Polaris · SAST
0 likes · 6 min read
58 Tech
Apr 23, 2021 · Information Security

Understanding AST, SAST, Taint Analysis, and CodeQL for Java Security Scanning

This article explains the fundamentals of abstract syntax trees, Java AST analysis with Spoon, the principles of static application security testing and taint analysis, and demonstrates how to use CodeQL to detect unsafe Fastjson usage and Spring web path bindings in a CI/CD pipeline.

AST · CodeQL · Java
0 likes · 24 min read
58 Tech
Apr 19, 2021 · Information Security

Java White-Box Static Code Analysis: Overview, Tool Evaluation, and Selection

This article introduces the importance of source code security scanning in CI/CD pipelines, explains static application security testing (SAST), compares major commercial and open-source Java analysis tools, and presents the selection criteria and conclusions that guided 58 Group's Java white-box scanning solution.

Java · SAST · security
0 likes · 16 min read
Top Architect
Jan 3, 2021 · Information Security

Top 7 Static Code Analysis Tools: Features, Languages, and Pricing

This article reviews seven popular static code analysis tools, outlining why static analysis matters, each tool's key features, drawbacks, supported languages, and pricing to help developers choose the right solution for improving code quality and security.

SAST · code quality · devops
0 likes · 11 min read
Architects Research Society
Jul 28, 2020 · Information Security

11 Practical Tips for Delivering Security as Code in DevOps

This article explains what "security as code" means, why shifting security left in the software development lifecycle matters, and provides eleven actionable tips—including understanding Secure SDLC, using SAMM, integrating SAST/DAST, and automating security checks—to help teams embed security directly into their DevOps pipelines.

DAST · DevSecOps · SAMM
0 likes · 10 min read
Ctrip Technology
Jul 9, 2020 · Information Security

Ctrip's DevSecOps Practices and Challenges

The article details Ctrip's DevSecOps challenges and solutions, covering security team structuring, threat modeling, SCA and SAST integration, IAST/DAST architecture, vulnerability management, and the resulting improvements in automated security testing within a high‑frequency CI/CD environment.

DevSecOps · IAST · SAST
0 likes · 12 min read
DevOps
Apr 21, 2020 · Information Security

Integrating SAST Tools into a DevSecOps Pipeline: Five Key Checkpoints and Best Practices

This article explains how to embed static application security testing (SAST) into a DevSecOps CI/CD pipeline by defining five essential checkpoints—pre‑commit, commit‑time, build‑time, test‑time, and deployment—covering purpose, benefits, handling false positives, result merging, custom rule sets, and automation strategies.

DevSecOps · SAST · Security Automation
0 likes · 20 min read