Deepak parashar · techfordummys.hashnode.dev · Sep 24, 2024
DevSecOps Tools: A Comprehensive How-To Guide for YARN, GITLEAKS, NJSSCAN, SEMGREP, RETIRE, TRIVY, ZAP, SAST, and DAST
In the modern software development landscape, security has become a vital aspect of the development lifecycle. DevSecOps is the practice of integrating security into every phase of DevOps, ensuring that security is part of the continuous integration ...
Tags: njsscan

Simon Crowe · simoncrowe.hashnode.dev · Jun 29, 2024
Django and Semgrep: Enforcing a Service Layer Using Static Analysis
In my previous post about implementing a service layer in Django, I wrote about a simple pattern that "plays nice" with the mountain of functionality that comes with Django out-of-the-box, particularly the ORM. In this implementation, business logic ...
Tags: Python

Cloud Tuned · cloudtuned.hashnode.dev · Jun 2, 2024
An Introduction to Semgrep: Lightweight Static Analysis for Modern Codebases
Introduction: In the world of software development, maintaining code quality and security is a continuous challenge. Traditional static analysis tools can be cumbersome, slow...
Tags: semgrep

Raushan Raj (for Cloud Security Operations Center) · raushanraj-1664511904508.hashnode.dev · Apr 13, 2023
DevSecOps - OpenSource SAST for your CI/CD pipeline
DevSecOps stands for Development, Security, and Operations. DevSecOps involves introducing security practices and integrating tools earlier in the software development life cycle (SDLC), rather than treating security as a separate, post-development a...
Tags: SAST

0xdbe · 0xdbe.hashnode.dev · Oct 23, 2022
GitHub: How To Enable Code Scanning With Semgrep
Semgrep is an incredible static analysis engine that can be used for finding bugs, detecting vulnerabilities and even for enforcing code standards. Semgrep is a Swiss army knife for static code analysis. This article describes how to automate the dis...
Tags: Security

Max Maass · blog.maass.xyz · Sep 14, 2022
Spring Actuator Security, Part 2: Finding Actuators using Static Code Analysis with semgrep
In the first part of this series, we have discussed the risks inherent in exposing the Actuator functionality of the Spring framework. If you haven't read that part yet, I recommend that you do so before reading this article. In this article, we wi...
Tags: Spring Actuator Security, Security