GitHub Actions for Security Code Analysis

GitHub Actions for Security Code Analysis

Performing code analysis and security scans on your code is imperative to software craftsmanship. Over the years, I have had plenty of options for performing security scans, both with third-party vendors and open-source tools. I want to highlight some of my favorite GitHub Actions to run code analysis with a Security-focus in this post. Before diving into some of my favorites on GitHub, here are some recent posts related to code analysis and security that I published. Perhaps they can be insightful, too: Use the Microsoft Application Inspector to analyze your source codeWebsite security scanning with GitHub Actions and OWASP…

Read More

Website security scanning with GitHub Actions and OWASP ZAP

Website security scanning with GitHub Actions and OWASP ZAP

Security is a topic that should be on top of everyone's mind. Particularly security in software is vital, given the enormous growth in threats targeting online resources. I previously wrote about other developer-oriented security aspects that you might find interesting: Embrace a Security Development Lifecycle (SDL) for AzureAutomate Azure DevOps code security analysis with MSCAToday I want to highlight another approach: vulnerability checks on systems running in the cloud or on your servers. That is, not during development, but in the system where they are operating. In this post, I'm discussing how we can do this using GitHub Actions and…

Read More

Thoughts on Bring Your Own Key, or BYOK, to Azure Container Registry

Thoughts on Bring Your Own Key, or BYOK, to Azure Container Registry

In this article, I am exploring the capabilities of Bring Your Own Key with the Azure Container Registry. A way for you to get better control of the full Key Lifecycle Management process, should you need to. I am detailing a few of my thoughts that come up around different scenarios. I would be happy to hear about your own experiences and reasons for why BYOK helps you and your organization. Feel free to leave a comment or reach me on Twitter. ScenariosInstead of publishing purely technical piece guidelines, I am trying to angle some of my reasons and thoughts…

Read More