Raushan Raj for Cloud Security Operations Center (raushanraj-1664511904508.hashnode.dev) · Apr 13, 2023
DevSecOps - OpenSource SAST for your CI/CD pipeline
DevSecOps stands for Development, Security, and Operations. DevSecOps involves introducing security practices and integrating tools earlier in the software development life cycle (SDLC), rather than treating security as a separate, post-development a...
163 reads · SAST
0xdbe (0xdbe.hashnode.dev) · Oct 23, 2022
GitHub: How To Enable Code Scanning With Semgrep
Semgrep is an incredible static analysis engine that can be used for finding bugs, detecting vulnerabilities and even for enforcing code standards. Semgrep is a Swiss army knife for static code analysis. This article describes how to automate the dis...
89 reads · Security
Max Maass (blog.maass.xyz) · Sep 14, 2022
Spring Actuator Security, Part 2: Finding Actuators using Static Code Analysis with semgrep
In the first part of this series, we have discussed the risks inherent in exposing the Actuator functionality of the Spring framework. If you haven't read that part yet, I recommend that you do so before reading this article. In this article, we wi...
2.2K reads · Spring Actuator Security · Security