Implementation of DevSecOps with the Static Application Security Testing (SAST) Method Using Snyk on Container-Based Applications

Authors

  • Muhammad Zhafran Rayhan Politeknik Caltex Riau
  • Muhammad Arif Fadhly Ridha Politeknik Caltex Riau

Keywords:

DevSecOps, Static Application Security Testing, Snyk, IDE, Security, vulnerabilities, Cybersecurity, Data Security, Development

Abstract

This research proposes the use of DevSecOps with the Static Application Security Testing (SAST) approach using the Snyk platform to enhance efficiency and security in the software development process. The SAST methodology enables testing for potential cybersecurity weaknesses during the system's building and maintenance phases. By employing Snyk, a security scanning platform that integrates with Integrated Development Environments (IDEs) and supports container- or cloud-based applications, developers can scan their code automatically and comprehensively. Quantitative testing was conducted by scanning 10 websites of Politeknik Caltex Riau, revealing a total of 1089 vulnerabilities, the majority falling into the "Low" category. These findings indicate that low-severity vulnerabilities dominate the tested systems. Qualitative testing was performed through interviews with programmers as respondents. In the interviews, the programmers stated that using Snyk SAST in the development process allowed them to detect security gaps before releasing to the public, and that Snyk's recommendations and suggestions were valuable for making improvements.

Keywords: DevSecOps, Static Application Security Testing (SAST), Snyk, IDE, security vulnerabilities, software development.
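As an added illustration of the kind of automated gate the abstract describes (an example written for this page, not code from the paper, from Politeknik Caltex Riau, or from Snyk), the script below ingests a report in the shape of `snyk test --json` output, tallies findings by severity the way the study's quantitative results are reported, and blocks a release when anything at or above a chosen severity is present. The field names (`vulnerabilities`, `id`, `severity`, `packageName`, `from`, `isUpgradable`) are an assumption about that JSON format, and the findings in `SAMPLE_REPORT` are constructed, not real scan results.

```python
"""Tally Snyk-style findings by severity and gate a pipeline on them.

Added example, not the paper's code. The report layout mirrors what the
author assumes `snyk test --json` emits: a top-level "vulnerabilities" list
whose entries carry "id", "severity", "packageName", a dependency path in
"from" and an "isUpgradable" flag. Sample data below is constructed.
"""
import json
from collections import Counter
from typing import Dict, List

SEVERITY_ORDER: List[str] = ["low", "medium", "high", "critical"]

# Constructed sample report; the ids and packages are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "title": "Regular Expression Denial of Service",
         "severity": "low", "packageName": "pkg-a", "version": "1.0.0",
         "from": ["app@1.0.0", "pkg-a@1.0.0"], "isUpgradable": True},
        # Same advisory reached through a second dependency path: Snyk-style
        # reports list it twice, so raw counts overstate distinct issues.
        {"id": "EXAMPLE-0001", "title": "Regular Expression Denial of Service",
         "severity": "low", "packageName": "pkg-a", "version": "1.0.0",
         "from": ["app@1.0.0", "pkg-b@2.1.0", "pkg-a@1.0.0"], "isUpgradable": True},
        {"id": "EXAMPLE-0002", "title": "Information Exposure",
         "severity": "low", "packageName": "pkg-c", "version": "0.9.2",
         "from": ["app@1.0.0", "pkg-c@0.9.2"], "isUpgradable": False},
        {"id": "EXAMPLE-0003", "title": "Path Traversal",
         "severity": "medium", "packageName": "pkg-d", "version": "3.2.0",
         "from": ["app@1.0.0", "pkg-d@3.2.0"], "isUpgradable": True},
        {"id": "EXAMPLE-0004", "title": "Prototype Pollution",
         "severity": "high", "packageName": "pkg-e", "version": "4.17.15",
         "from": ["app@1.0.0", "pkg-e@4.17.15"], "isUpgradable": True},
    ],
})


def _findings(report_json: str, unique: bool) -> List[dict]:
    """Return the findings list, optionally collapsed to one entry per (id, package)."""
    vulns = json.loads(report_json).get("vulnerabilities", [])
    if not unique:
        return vulns
    seen, distinct = set(), []
    for v in vulns:
        key = (v["id"], v["packageName"])
        if key not in seen:
            seen.add(key)
            distinct.append(v)
    return distinct


def summarize(report_json: str, unique: bool = False) -> Dict[str, int]:
    """Count findings per severity, always emitting every severity bucket."""
    counts = Counter(v["severity"].lower() for v in _findings(report_json, unique))
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def gate(report_json: str, threshold: str = "high") -> bool:
    """True when no finding is at or above `threshold` (the build may proceed)."""
    if threshold not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity threshold: {threshold}")
    summary = summarize(report_json)
    blocking = SEVERITY_ORDER[SEVERITY_ORDER.index(threshold):]
    return all(summary[sev] == 0 for sev in blocking)


def remediation_plan(report_json: str) -> Dict[str, List[str]]:
    """Split distinct findings into those fixable by upgrade and those needing review."""
    plan: Dict[str, List[str]] = {"upgrade": [], "review": []}
    for v in _findings(report_json, unique=True):
        bucket = "upgrade" if v.get("isUpgradable") else "review"
        plan[bucket].append(f"{v['packageName']}@{v['version']} ({v['id']}, {v['severity']})")
    return plan


if __name__ == "__main__":
    print("raw counts:   ", summarize(SAMPLE_REPORT))
    print("unique counts:", summarize(SAMPLE_REPORT, unique=True))
    print("release allowed at threshold 'high'?", gate(SAMPLE_REPORT, "high"))
    print("plan:", json.dumps(remediation_plan(SAMPLE_REPORT), indent=2))
```

The distinction between raw and unique counts matters when reading a headline figure such as the 1089 findings reported above: a dependency scanner lists one advisory once per dependency path, so the raw total is a workload measure, while the unique total is closer to the number of distinct fixes.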

Published

2023-11-30