C# developer in PVS-Studio team. Participates in development of the core of the C# analyzer, also engaged in creation of new diagnostics and DevOps-utilities.
Author of articles about opensource-projects checks.
In this talk I will tell about finding errors and weaknesses (CWE) in code using static code analysis (SAST) that prevents their transformation into vulnerabilities (CVE). I will give real examples.