Track: | DevSecOps |
---|---|
When: | Wed Eve-2 |
Where: | DevSecCon |
Organizers | Avi Douglen, Nuno Oliveira |
Participants | Stu Hirst, David Cervigni, Toby Shelswell, Luis Saiz |
Remote Participants | Ernesto Bethencourt, Harmeet Singh, Sugumaran Uppili |
What
Hands-on session on how to write custom rules for the Checkmarx SAST engine.
In addition to many out-of-the-box queries, Checkmarx supports creating custom queries using its own domain-specific language, CxQL. This allows for very granular queries, as well as complex logic, enabling users to find exactly what they're looking for in the codebase.
Outcomes
During this session we will explain the querying logic of CxQL, cover the various atomic queries, and explore some possibilities. We will also cover tips, common mistakes, integration and automation opportunities, and performance optimization.
Who
The target audience for this session is:
- Developers
- AppSec professionals
- Security champions
- Checkmarx users (or potential users)
- Anyone interested in customizing their SAST approach.