Although static application security testing (SAST) tools are critical for finding and fixing quality and security issues in first-party code, the vast majority of applications today are built largely on open source components, meaning that software composition analysis (SCA) tools are just as important for finding and fixing vulnerabilities in open source dependencies such as last year’s Log4shell vulnerability. To support an iterative DevSecOps security model, though, these two tools need to be built and deployed with the development team in mind.

In this session, you’ll hear from security experts at Pomelo, a fast-growing FinTech company that develops Cards and Digital Accounts solutions for companies in the process of digital transformation in LATAM, who will walk you through their journey to implementing a DevSecOps model into their software development lifecycle by implementing tools like Snyk to help their development team find and quickly fix vulnerabilities across both proprietary code and open source software, automating code security controls across the tools Pomelo’s developers use to build their applications.

During this session, application security experts from Snyk and Pomelo will show you how:

• Pomelo uses Snyk and AWS to securely build and run their applications
• Managing vulnerabilities across code and OSS can be done as early as the IDE
• Pomelo implemented the Snyk platform into the tools their developers use
• Implementing DevSecOps practices can generate operational efficiencies in AppDev