When managing a massive, multi-language monolith with over 35 million lines of code, visibility into security risks is the first casualty. For Adyen, the challenge wasn’t just finding vulnerabilities, but identifying dependencies within a highly customized build environment.

In this technical session, Adyen DevSecOps expert Supun Vidana Pathiranage and JFrog’s Yonatan Arbel break down the architecture Adyen built to decouple dependency resolution from their core build system. This approach enables accurate, scalable visibility and reliable security scanning without disrupting developer workflows or requiring a total system rewrite.

In this session, you’ll learn:

- Architectural patterns for managing dependency visibility in massive, multi-language monorepos without rewriting your build system

- The Battlestar framework: how Adyen turns raw scan results into actionable security feedback that developers can act on

- Shift-left AppSec enforcement in practice: implementing security gates at the Merge Request level without slowing down delivery or drowning teams in false positives

You’ll leave with proven, actionable patterns for modernizing your software supply chain, enforcing meaningful security gates, and scaling DevSecOps across complex, real-world build environments.