BSidesLuxembourg 2026

Diogo Lemos

I am an Application Security Engineer with extensive experience building and operating security tooling at scale. I started my career at Checkmarx, where I worked on security products, and later joined Flutter Entertainment, where I implemented and evolved large-scale AppSec programs. I currently work at OLX, focusing on automation, scalable security tooling, and cloud security. I actively contribute to open-source security projects and regularly speak at security conferences including Black Hat MEA, BSides, and BalCCon, with a focus on practical SAST, secrets management, and SCA implementations.
Sessions

05-07
16:20
40min
Turnkey Code – Enhancing Secrets Management in Large Scale Organizations
Diogo Lemos

Everyone agrees leaked secrets are dangerous, yet most organizations still struggle to detect, triage, and fix them effectively. Scanners generate noise, developers ignore alerts, and real secrets slip through unnoticed.

This talk shares the real-world story of building a turnkey secrets scanning and triage platform from scratch, using and extending open-source tools. Designed for scale, the system focuses on reducing false positives, automating validation, and integrating seamlessly into CI/CD pipelines.

Through live demos and practical examples, attendees will see how to turn secrets detection from a checkbox into an actionable security program. The session focuses on real engineering decisions, lessons learned, and how the community can reuse these ideas to solve a problem many know exists, but few truly address.

Secure Development track
Workshops and Stage - Gernsback (C1.05.02)
05-08
13:30
40min
Building vs. Buying – A Tale of Developing an In-House SCA Tool
Diogo Lemos

Most organizations run Software Composition Analysis, yet very few actually use the results effectively. Alerts pile up, developers ignore findings, and security teams drown in noise.

This talk tells the story of building an in-house SCA platform from scratch using open-source tooling, designed to scale across large organizations while focusing on what actually matters. We’ll explore how to normalize results, prioritize vulnerabilities based on real risk, and integrate SCA into CI/CD in a way developers don’t hate.

Backed by real production usage and a live demo, this session focuses on practical techniques, not theory, to turn SCA from a checkbox into something teams can act on. Attendees will leave with ideas, patterns, and open-source approaches they can apply immediately.

Secure Development track
Workshops and Stage - Gernsback (C1.05.02)