Scanning at scale using Semgrep and CycloneDX at FanDuel

When looking at the diverse landscape of source code repositories at a large organization like FanDuel, a series of questions arise:

• What patterns currently exist across these repositories?
• What patterns should exist? (ideal state)
• How aligned are the current patterns with our ideal state?

Combining theory, practicality, and memes, we demonstrate how FanDuel set out to answer these questions by creating a platform empowering relentless iteration. Learn from our real-world case study how the convergence of application security, data schemas, and vulnerability management—powered by OWASP CycloneDX and Semgrep—revolutionizes the prevention and mitigation of risks. Step into the forefront of innovation and discover a new paradigm that transforms challenges into opportunities in the dynamic information security landscape.