Apr 28 · 27 min read · Secure software requires both design-time and code-time protection. STRIDE threat modeling helps identify risks early in system design, while SonarQube enforces secure coding practices through static
Apr 19 · 3 min read · I thought my CI/CD pipeline was complete. Build ✔ Docker ✔ Deployment ✔ Everything was working end to end. Then I added one more step: Code quality. Introducing Code Quality into the Pipeline To make t
Mar 29 · 5 min read · "If you can't measure it, you can't secure it." In this post, I’m pulling back the curtain on the EduConnect CI/CD pipeline. We aren't just looking at code; we are looking at real-time security telem
Mar 29 · 10 min read · Finding a bug in production costs significantly more to fix than catching it during development. This is the core argument behind shift-left testing, the practice of moving quality checks earlier in t
Mar 23 · 5 min read · Introduction When managing multiple application pipelines using Devtron — an open-source Kubernetes-native CI/CD platform — teams often need a consistent way to enforce code quality standards across a
Mar 19 · 21 min read · Introduction Hello everyone, and welcome to my very first blog post! In this post, I’ll be starting with a foundational task in DevSecOps. For those of you new to this world, DevSecOps is simply the p
Mar 3 · 8 min read · Static Analysis Beyond Linting: CodeQL, Semgrep, SonarQube, and Snyk Code Linters enforce style. Static analysis finds bugs. The difference matters. ESLint will tell you about unused variables and inconsistent formatting. CodeQL will tell you that us...
Mar 1 · 6 min read · Real‑world DevOps implementation in a corporate Azure environment with private networking, PostgreSQL, NSG, and firewall troubleshooting. 📌 Introduction In most enterprise environments, Azure Virtu