2 of 2 Contract Static Application Security Testing Jobs in the North of England

scan, and deployment processes. Extend Python tooling for SLSA provenance, SBOM generation, hash/digest validation, and security scan aggregation (SonarQube, Sonatype IQ, SAST/Container). Optimise pipeline performance using parallel builds, caching, scope-reduced BOMs, and dependency prefetching. Ensure artifact integrity through correct SHA1/SHA256 mapping … Terraform, and container image metadata. Knowledge of supply-chain security, including SLSA, CycloneDX SBOMs, and digests. Experience with SonarQube, Sonatype IQ, container and SAST scanning. Proven skills in pipeline performance tuning, including caching, parallelisation, and dependency pruning. Awareness of compliance and security standards relevant to CI/ ...

package, scan, deploy). Extend Python tooling for SLSA provenance, SBOM generation, hash/digest accuracy, and security scan aggregation (SonarQube, Sonatype IQ,SAST/Container). Optimize performance (parallel builds, caching, scope-reduced BOMs, dependency prefetch). Ensure artifact integrity (correct SHA1/SHA256 mapping, reproducible inputs, evidence … Helm/Terraform and container image metadata. Supply-chain security (SLSA, CycloneDX SBOM, digests). Experience with SonarQube, Sonatype IQ, container and SAST scanning. Proven performance tuning (caching, parallelization, dependency pruning). Compliance Awareness. ...