I am CSSLP and from software development / Application security background. I was wondering if there is any group which is actively discussing DevSecOps specially from Application security and scanning tools used in Release management process.
Thanks in advance.
I don't know about a specific group, but we have been using Veracode for SAST and DAST in our SDLC for almost a year. We've been pretty happy, though the contract is coming up, so time to look around a little to see what else is out there. They have a nice program, some online training (Not that great for an advanced team), support multiple languages, including Go, which one of our projects is written in and isn't as broadly available. What kind of information are you looking for?