Name
AppSec in Context
Time
12:00 PM - 12:30 PM (PDT)
Description

In this talk, Erich Smith of JupiterOne will share how he and his team use static code analysis to assess the risk of a change set in CI/CD pipelines. Understanding an application's specific risk in the context of where it sits relative to other assets, and assessing the micro view of a single application against the macro view of all assets, can yield some surprising capabilities. All of this is done using free tools, supporting JupiterOne's belief that basic security is a fundamental right. Takeaways from this session will include:

  • How to use high-level asset views to assess the risk of a pull request
  • Some Unix-style tool-chaining techniques
  • Implementing basic protections into your pipelines for $0!
Erich Smith