Diogo Lemos
Security Engineer
OLX Group
Diogo is a Security Engineer focused on automation, scalable security tools, and cloud security. He has worked at Checkmarx, Flutter Entertainment and now OLX. He contributes to open-source projects and has spoken at BSides, BalCCon and other events.
Speaker sessions
Building vs. Buying – A Tale of Developing an In-House SCA Tool
In this talk, I’ll share the story of how our team built an open-source, in-house Software Composition Analysis (SCA) tool to better manage third-party dependencies across projects. Rather than relying on expensive, rigid commercial tools, we built something lightweight, free, and flexible, designed to actually work within real engineering workflows.
- Time: 13:00, Tue, 02 Dec
- Stage: Arsenal 1
- Session Type: Demo
Building vs. Buying – A Tale of Developing an In-House SCA Tool
In this talk, I’ll share the story of how our team built an open-source, in-house Software Composition Analysis (SCA) tool to better manage third-party dependencies across projects. Rather than relying on expensive, rigid commercial tools, we built something lightweight, free, and flexible—designed to actually work within real engineering workflows.
I’ll walk through the motivations, technical decisions, and lessons learned along the way—from implementing custom dashboards and scoring systems to integrating it directly into CI/CD pipelines. I’ll also touch on how we automated updates and prioritized risks more effectively.
As part of the session, I’ll run a live demo of the tool to show how it works in practice—scanning dependencies, flagging vulnerabilities, generating reports, and offering a quick view of security posture. This will give attendees a clear sense of how they can start using or adapting it themselves.
- Time: 17:00, Thu, 04 Dec
- Stage: Briefings 2
- Session Type: Presentation