Performing code analysis and security scans on your code is imperative to software craftsmanship. Over the years, I have had plenty of options for performing security scans, both with third-party vendors and open-source tools. I want to highlight some of my favorite GitHub Actions to run code analysis with a Security-focus in this post. Before diving into some of my favorites on GitHub, here are some recent posts related to code analysis and security that I published. Perhaps they can be insightful, too: Use the Microsoft Application Inspector to analyze your source codeWebsite security scanning with GitHub Actions and OWASP…
All posts in cybersecurity
Security is a topic that should be on top of everyone's mind. Particularly security in software is vital, given the enormous growth in threats targeting online resources. I previously wrote about other developer-oriented security aspects that you might find interesting: Embrace a Security Development Lifecycle (SDL) for AzureAutomate Azure DevOps code security analysis with MSCAToday I want to highlight another approach: vulnerability checks on systems running in the cloud or on your servers. That is, not during development, but in the system where they are operating. In this post, I'm discussing how we can do this using GitHub Actions and…
In this article, I am exploring the capabilities of Bring Your Own Key with the Azure Container Registry. A way for you to get better control of the full Key Lifecycle Management process, should you need to. I am detailing a few of my thoughts that come up around different scenarios. I would be happy to hear about your own experiences and reasons for why BYOK helps you and your organization. Feel free to leave a comment or reach me on Twitter. ScenariosInstead of publishing purely technical piece guidelines, I am trying to angle some of my reasons and thoughts…
Here's a list of simple and efficient tips to stay more secure when Working From Home. Cybersecurity tips for Remote Workers that anyone can benefit from!