When managing a massive, multi-language monolith with over 35 million lines of code, visibility is the first casualty. For Adyen, the challenge wasn’t just finding vulnerabilities, but identifying dependencies at all within a highly customized build environment.

In this technical session, Adyen DevSecOps Specialist Supun Vidana Pathiranage and JFrog’s Yonatan Arbel break down the architecture Adyen built to decouple dependency resolution from their core build system. This approach enables accurate, scalable visibility and reliable security scanning without disrupting developer workflows or requiring a total system rewrite.

In this session, you’ll learn:

• Architectural patterns for managing dependency visibility in massive, multi-language monorepos without rewriting your build system
• How Adyen integrated a custom-built pipeline with JFrog Xray, including the constraints, compromises, and design decisions that made deep SCA scanning possible
• The Battlestar framework: how Adyen turns raw scan results into actionable security feedback that developers can act on
• Shift-left AppSec enforcement in practice: implementing security gates at the Merge Request level without slowing down delivery or drowning teams in false positives

You’ll leave with concrete patterns for modernizing your software supply chain, enforcing meaningful security gates, and scaling DevSecOps across complex, real-world build environments.