SnykCon 2020 has ended
Wednesday, October 21 • 19:40 - 20:10
Securing Open Source pipeline using Plug-n-Play Scanning

Salesforce believes in giving back to the community, and one of the ways engineers can give back is by open sourcing the work they have done so that other individuals can benefit from it. Until July 2020, requests to open source any internal Salesforce work were reviewed manually by Product Security, which soon became a bottleneck. We developed an automation service that seamlessly connects with the internal task tracking system and internal security tools to provide a consolidated scan report of the repository to be open sourced, saving at least 150 hours of manual work per year. This framework can now be extended into a plug-and-play security scanning/testing framework capable of incorporating any tool.

Amol Deshpande

Product Security Engineer, Salesforce
Amol Deshpande is a Product Security Engineer on the PaaS Security Assurance team at Salesforce. He works with product and engineering teams to secure their products by performing threat modeling, code reviews and small-scale penetration testing. He also works on automation projects...

Wednesday October 21, 2020 19:40 - 20:10 BST
Technology Track