Hi , Thanks for session Victoria Almazova , the session was informative and useful. One question about the SAST and DAST scan. When we implement this on the pipeline, for the small scale application the time taken to complete the scan may be lesser but in case of larger applications do you prefer running for every push to the remote. What would be your suggestion on this? I have created a devsecops pipeline with Veracode and Zap as standalone job from usual build pipeline ,because I am running it overnight or only when needed so I am not slowing the generic pipeline pace.
If performance is a hinder factor, my personal experience is to have it trigger on pushes to the main development branch but have it as a downstream job instead of on the main CI/CD pipeline
Fantastic ! I really like the approach and of course the changing to host mode !!!
Is there any template that we can deploy or any labs ?
Hi ,
Thanks for session Victoria Almazova , the session was informative and useful. One question about the SAST and DAST scan. When we implement this on the pipeline, for the small scale application the time taken to complete the scan may be lesser but in case of larger applications do you prefer running for every push to the remote. What would be your suggestion on this?
I have created a devsecops pipeline with Veracode and Zap as standalone job from usual build pipeline ,because I am running it overnight or only when needed so I am not slowing the generic pipeline pace.
hi sir , do you have any step by step document to practice SAST and DAST. please share with me to upskill
If performance is a hinder factor, my personal experience is to have it trigger on pushes to the main development branch but have it as a downstream job instead of on the main CI/CD pipeline
Great! Thanks
Hey, what license is required to access all these features?
👍
Actually Victoria looks like a true Security Analyst.