Scanning at scale using Semgrep and CycloneDX at FanDuel

When looking at the diverse landscape of source code repositories at a large organization like FanDuel, a series of questions arise:
What patterns currently exist across these repositories?
What patterns should exist? (ideal state)
How aligned are the current patterns with our ideal state?

Combining theory, practicality, and memes, we demonstrate how FanDuel set out to answer these questions by creating a platform empowering relentless iteration. Learn from our real-world case study how the convergence of application security, data schemas, and vulnerability management—powered by OWASP CycloneDX and Semgrep—revolutionizes the prevention and mitigation of risks. Step into the forefront of innovation and discover a new paradigm that transforms challenges into opportunities in the dynamic information security landscape.

Speaker Bio: David Volm, a Cybersecurity hacker with 14+ years of experience, is currently immersed in Application Security at FanDuel. David’s journey has been diverse, from contributing to open-source projects like npm and CastleCMS to navigating roles in Development, Security, and Systems Architecture. He’s particularly captivated by Application Security Data Schemas, firmly asserting that “security is just a data problem.” As an active member of the security community, David is all about sharing insights, collaborative learning, and, most importantly, being obsessed with Kubernetes!