With the rise of cloud computing has come greater application exposure. It is now accepted that you must do security testing, such as pentests, in order to find the possible vulnerabilities in your application. But when the pentest report comes back with a long list of vulnerabilities, patching them is often time- and money-consuming, because the affected code may have been written months or years ago. What if the code were secure by design? What if it were covered by frequent automated tests, similar to the ones you already run with Sonar for code quality?
This is where SAST (Static Application Security Testing) comes in: it helps you control the security level of your code and integrate security checks into your CI/CD pipeline. We propose an approach to help developers understand the vulnerabilities they might introduce and help them patch their code. A first step towards DevSecOps.