Building a Free AppSec Pipeline

Presented at CackalackyCon 2 (2023), May 6, 2023, 4 p.m. (60 minutes)

Not every scrappy startup or community project has the ability to drop hundreds of thousands of dollars on the latest and greatest enterprise-grade application security tooling, but that shouldn’t stop them from automatically securing their code. There are many open-source tools that, if properly configured together, can provide quick and actionable results for developers. It’s possible to create a free AppSec pipeline that lets developers focus on getting to market with a secure product instead of fighting fires once the first responsible disclosure comes in. We’ll talk through a developer’s options when it comes to free SAST (static analysis), DAST (dynamic analysis), SCA (software composition analysis), and vulnerability management tooling and the pros and cons of each. We’ll also touch on how to pay attention to licensing when transitioning from a good idea in someone’s home office to a sellable product. There will be some short, technical demos to preview the tools, but this is focused on open-source tooling, not enterprise software.
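As an added illustration of how the free SAST, SCA and DAST categories mentioned above can be wired into one pipeline, here is an example CI configuration written for this page; it is not material from the talk, and it assumes GitHub Actions with Semgrep, Trivy and OWASP ZAP, with the target URL and action version tags as placeholders.

```yaml
# Added example: a minimal free AppSec pipeline as a GitHub Actions workflow.
# Tool choices (Semgrep, Trivy, OWASP ZAP) and all placeholders are assumptions.
# Pin every third-party action to a commit SHA rather than a tag in real use.
name: appsec-pipeline
on: [push, pull_request]

permissions:
  contents: read
  security-events: write   # required to upload SARIF into code scanning

jobs:
  sast:
    runs-on: ubuntu-latest
    container: semgrep/semgrep          # official Semgrep image, no account needed
    steps:
      - uses: actions/checkout@v4
      # SAST: community rules from the public registry, results emitted as SARIF;
      # --error makes the job fail when findings exist
      - run: semgrep scan --config auto --sarif --output semgrep.sarif --error
      - uses: github/codeql-action/upload-sarif@v3
        if: always()                      # upload even when the scan step failed
        with: { sarif_file: semgrep.sarif }

  sca:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # SCA: known-vulnerable dependencies plus a licence inventory in one pass,
      # which covers the licensing concern when a hobby project becomes a product
      - uses: aquasecurity/trivy-action@master   # placeholder tag; pin to a SHA
        with:
          scan-type: fs
          scan-ref: .
          scanners: vuln,license
          severity: HIGH,CRITICAL
          exit-code: '1'                  # break the build on HIGH/CRITICAL findings

  dast:
    runs-on: ubuntu-latest
    needs: [sast, sca]                    # only spend DAST time on code that passed
    steps:
      # DAST: passive ZAP baseline scan against an already-deployed test instance
      - uses: zaproxy/action-baseline@v0.12.0   # placeholder version tag
        with:
          target: https://staging.example.invalid   # placeholder URL, assumed reachable
          fail_action: true               # fail the job when ZAP reports warnings
```

The SARIF and JSON outputs these jobs produce are the inputs an open-source vulnerability-management tool would ingest to deduplicate and track findings across runs.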
