Alexey Guskov

Chief IT Engineer, Sberbank

About speaker

Application Security expert at Sberbank. Web Application penetration tester. Responsible for security practices implementation into DevOps.
November 16
14:00 — 15:00
Fast Track
Russian
A lot of companies use SAST. Some even integrate it in DevOps. But have you ever come across an integration of SAST in DevOps for 3500 projects? We have and successfully so!
We’ll talk about how we developed our own Secure Application Lifecycle Manager — one of the main parts of DevSecOps — which integrates with various information security tools and lets teams integrate SAST, DAST, and VMT by themselves.
Our solution made it possible to integrate SAST and implement Quality Gate system in a relatively short time for ~500 developer teams within ~3500 projects by efforts of just 4 people.