http://shivasurya.me/categories/security-reviews/Recent content in Security-Reviews on ShivasuryaHugoen-usThu, 27 Jun 2024 00:00:00 +0000http://shivasurya.me/2024/06/27/automate-security-code-reviews-with-cody-ai/Thu, 27 Jun 2024 00:00:00 +0000http://shivasurya.me/2024/06/27/automate-security-code-reviews-with-cody-ai/<h3 id="intro">Intro</h3> <h3 id="need-for-semi-autonomous-security-code-reviews">Need for semi-autonomous security code reviews</h3> <p>My job as a security engineer (application security context) is to read source code and perform security reviews. Most of the time, mainly corelate the source code with frameworks &amp; libraries, understand context where the code executes and enumerate all security risks. While there are lot of second generation SAST scanning tools in the market which is good at identifying patterns, eliminate false positive, executes and brings up results in minutes. I believe,</p>