Have you been in a situation where you had to help developers write secure code and you spent hours in training or code reviews? What if there was a way to make such reviews proactive?
This talk will discuss using git hooks to perform security scans. We will cover using git hooks the usual way, and how one team, such as application security, can distribute hooks across the organisation to help developers write clean code. We will specifically talk about using pre-commit hooks for code scanning.
We will look at how we distribute the hooks to every developer in the company, the problems we faced, and how we collect metrics to understand usage patterns and efficiency. Problems such as the time the scans consume, and other issues, will also be discussed.
This implementation brought a lot of challenges and lessons learned: why current tools or frameworks won't work out, and what can go wrong when installing the hooks. We will discuss all of those.
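As an added illustration of the approach the talk describes (this is example code, not the speakers' own tooling), the following pre-commit hook scans only the lines being added in a commit for secret-like strings, blocks the commit on a hit, and appends a usage record so a security team can measure adoption and the time the scan costs developers. The patterns, the `SECSCAN_METRICS_LOG` variable and the log path are constructed assumptions.

```shell
#!/bin/sh
# Added example, not the speakers' code: a minimal git pre-commit hook that
# scans the staged diff for secret-like strings, blocks the commit on a hit,
# and appends a usage record so a security team can measure adoption and cost.
# Assumptions: POSIX sh, git and grep -E available; the log path is hypothetical.

# Constructed patterns: AWS access key id, PEM private key header, and
# quoted values (8+ chars) assigned to names like api_key / secret / password.
SECRET_PATTERNS="AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(api[_-]?key|secret|password)[[:space:]]*[:=][[:space:]]*['\"][^'\"]{8,}"

# Hypothetical metrics location; the security team collects these files later.
METRICS_LOG="${SECSCAN_METRICS_LOG:-$HOME/.secscan-metrics.log}"

# scan_added_lines: reads added lines on stdin, prints matches with their
# line number in the stream; returns 0 when clean, 1 when something matched.
scan_added_lines() {
    hits=$(grep -E -i -n "$SECRET_PATTERNS" || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# record_metric: one line per run (timestamp, repo, result, seconds) so the
# team can see usage patterns and how much time the scan costs developers.
record_metric() {
    printf '%s repo=%s result=%s seconds=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$3" >>"$METRICS_LOG" 2>/dev/null || true
}

# run_hook: scan only the lines added in this commit (not the whole tree),
# which keeps the hook fast enough to run on every commit.
run_hook() {
    start=$(date +%s)
    repo=$(basename "$(git rev-parse --show-toplevel)")
    if git diff --cached --unified=0 --no-color | grep '^+' | grep -v '^+++' | scan_added_lines; then
        record_metric "$repo" pass "$(( $(date +%s) - start ))"
        exit 0
    fi
    record_metric "$repo" blocked "$(( $(date +%s) - start ))"
    echo "pre-commit: possible secret in staged changes; remove it before committing." >&2
    exit 1
}

# Only act when installed as .git/hooks/pre-commit. Hooks run client-side and a
# developer can skip them with --no-verify, so server-side scanning still matters.
case "$0" in */pre-commit|pre-commit) run_hook ;; esac
```

The hook deliberately inspects `git diff --cached` rather than the working tree, so a secret that already exists in history is not re-reported on every commit and the scan time stays proportional to the change.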