goSDL “is a web application tool that serves as a self-service entry point for following a Security Development Lifecycle checklist in a software development project.” Slack has released goSDL under an MIT license.
Slack is known for churning out large amounts of code quickly with a relatively small developer team, and they had a hard time keeping up with security reviews for new features and fixes. With goSDL, developers complete a checklist for each of their contributions that identifies risk factors in their code and generates a ticket in Jira to notify relevant security people.