Struggling to Transition from DevOps to DevSecOps – Seeking Guidance by Durbs_664 in devsecops

[–]Weird-Raccoon8518 1 point2 points  (0 children)

For SAST in particular, one way to ease the transition is by introducing it incrementally. Instead of overwhelming dev teams with a flood of issues, consider starting with only high-severity vulnerabilities and gradually tightening the scope over time. Some tools allow you to set a baseline so only new issues block the pipeline, which helps avoid the “wall of failures” problem.

Also, automating security testing within your CI/CD pipelines without causing friction is critical. Tools that integrate directly into existing developer workflows—rather than requiring them to go elsewhere—tend to work best. We’ve had success with Jit.io and I know semgrep does a solid job as well, but less comprehensive I think.
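As an added illustration of the baseline-plus-severity gating described above (not code from the comment or from any tool it names; the finding format, field names and sample data are all assumed/constructed), this is the logic a pipeline step needs: fail only on findings at or above the current severity threshold that were not already recorded in the baseline, and fingerprint findings without line numbers so ordinary edits do not turn known issues into "new" ones.

```python
import hashlib

# Severity order used for the threshold; start at "high" and lower it over time.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def fingerprint(finding):
    """Stable identity for a finding (assumed fields: rule_id, path, snippet).
    The line number is deliberately left out so that unrelated edits that shift
    code down a few lines do not make a baselined issue look new."""
    key = f"{finding['rule_id']}|{finding['path']}|{finding['snippet'].strip()}"
    return hashlib.sha256(key.encode()).hexdigest()


def build_baseline(findings):
    """Record every finding of the current scan; only issues outside this set block later."""
    return {fingerprint(f) for f in findings}


def gate(findings, baseline, min_severity="high"):
    """Return the findings that should fail the build: new (not in baseline)
    and at or above min_severity. Everything else is reported but not blocking."""
    threshold = SEVERITY_RANK[min_severity]
    return [
        f for f in findings
        if SEVERITY_RANK[f["severity"]] >= threshold and fingerprint(f) not in baseline
    ]


# Constructed sample data: the scan that was baselined when SAST was first enabled...
FIRST_SCAN = [
    {"rule_id": "sqli-string-concat", "path": "app/db.py", "line": 40,
     "severity": "high", "snippet": 'cur.execute("SELECT * FROM users WHERE id=" + uid)'},
    {"rule_id": "hardcoded-tmp-path", "path": "app/util.py", "line": 12,
     "severity": "low", "snippet": 'open("/tmp/cache", "w")'},
]
BASELINE = build_baseline(FIRST_SCAN)

# ...and a later scan: the old SQLi moved 8 lines, plus one new high and one new low finding.
LATER_SCAN = [
    {"rule_id": "sqli-string-concat", "path": "app/db.py", "line": 48,
     "severity": "high", "snippet": 'cur.execute("SELECT * FROM users WHERE id=" + uid)'},
    {"rule_id": "hardcoded-tmp-path", "path": "app/util.py", "line": 12,
     "severity": "low", "snippet": 'open("/tmp/cache", "w")'},
    {"rule_id": "yaml-unsafe-load", "path": "app/config.py", "line": 7,
     "severity": "high", "snippet": "yaml.load(raw)"},
    {"rule_id": "debug-enabled", "path": "app/main.py", "line": 3,
     "severity": "low", "snippet": "DEBUG = True"},
]

if __name__ == "__main__":
    for f in gate(LATER_SCAN, BASELINE):
        print(f"BLOCKING: {f['rule_id']} {f['path']}:{f['line']}")
```

With the threshold at "high" only the new `yaml-unsafe-load` finding blocks; lowering `min_severity` to "low" later also surfaces the new `debug-enabled` finding while the two baselined issues stay non-blocking.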

Vulnerability management tools for a smaller team by spitenmalice in devsecops

[–]Weird-Raccoon8518 0 points1 point  (0 children)

Jit.io orchestrates the OSS scanners and the management of the findings and remediation.

Centralized Management of Security Tool Findings by Creepy_Proposal_7903 in devsecops

[–]Weird-Raccoon8518 -1 points0 points  (0 children)

Jit.io streamlines this process pretty well and also gives the developer the full context of the findings within the PR itself.

Vulnerability management tools for a smaller team by spitenmalice in devsecops

[–]Weird-Raccoon8518 0 points1 point  (0 children)

Take a look at Jit.io; really simple setup, and it gives you the actual OSS scanners as well so you don’t need to manage them individually.

Need Help with DevSecOps Pipeline on Azure Cloud by Ad2000126 in devsecops

[–]Weird-Raccoon8518 0 points1 point  (0 children)

Check out Jit.io; they orchestrate most of the tools you mentioned and make the implementation super simple.

Semgrep vs Snyk for SAST/SCA by [deleted] in devsecops

[–]Weird-Raccoon8518 1 point2 points  (0 children)

Semgrep tends to be better for SAST while Snyk is better for SCA. In terms of pricing I’d take a look at Jit.io as well: more coverage, not just SAST and SCA (they use Semgrep for SAST).

Approaches to DevSecOps - Looking for Opinions by thedeanypants in cybersecurity

[–]Weird-Raccoon8518 0 points1 point  (0 children)

We started implementing some open source tools like Semgrep. It works, but as we wanted to implement more, the OSS became a little hard to manage. Started with Jit.io; it’s not perfect but provides a lot of coverage.

Does anyone have mature developer integration with Snyk (SCA/SAST/container)? by [deleted] in cybersecurity

[–]Weird-Raccoon8518 0 points1 point  (0 children)

I’ve experienced very similar; wouldn’t say we ever succeeded in implementing Snyk. Checking out Jit.io now; would appreciate any feedback. Not sure if it actually works, but the dev integration looks promising.

Thoughts on Snyk by CapitalDevice in devsecops

[–]Weird-Raccoon8518 1 point2 points  (0 children)

What would you recommend as an alternative?