Static Code Analyses - Checkov, Terraform and Azure DevOps
Static code analysis is a method of reviewing code against policies before deploying it, identifying weaknesses before they become live vulnerabilities in your environment. This is not new; tools for this purpose have been around for a while for develop...
jamescook.dev | 5 min read
Nicklas Møller Jepsen
Everything Azure and .NET
Great article - really useful for me as we are currently in the process of adding code analysis to most of our bigger projects. We are using SonarQube for all our .NET projects; I can recommend that one as well!