-
GitHub Code Scanning Using Third-Party Actions
GitHub’s code scanning helps identify vulnerabilities and errors in your codebase, and while CodeQL is a powerful built-in option, you can also integrate third-party tools for a tailored approach. Configuring code scanning with third-party actions allows you to leverage tools like SonarQube, Checkmarx, or Trivy within GitHub Actions workflows. By uploading results in SARIF format,…
-
Code Security with GitHub Code Scanning and CodeQL Custom Queries
For this blog, we’ll enhance the advanced setup in our Instance-Security repo (a Java/Maven project) by creating a custom query pack to test CodeQL’s flexibility. If you haven’t explored our blog on Code Scanning with Advanced CodeQL Setup, we strongly recommend checking it out first, as it’s a prerequisite for following along with this blog.…
-
Code Security with GitHub Code Scanning and Advanced CodeQL Setup
Advanced setup for code scanning is ideal when you need a tailored approach to securing your codebase. By crafting and modifying a workflow file, you can customize the scanning process extensively.
-
Code Scanning with GitHub and CodeQL
What is Code Scanning? Code scanning is a GitHub feature designed to help developers identify security vulnerabilities and coding errors in their projects before they become bigger problems. It analyzes your code automatically, flags potential issues like SQL injection or cross-site scripting (XSS), and displays them as alerts right in your repository. Picture it as…
-
Rollback strategy using AWS CodeDeploy
Dive into collaborative coding, envisioning a seamless process where developers’ commits trigger automatic builds, tests, and deployments. Starting with a manual deployment of HTML code on an Nginx web server, we transition into the world of AWS CodePipeline, automating the CI/CD pipeline for our sample code. To add a twist, we deliberately introduce deployment errors,…
-
Automating CI/CD With AWS CodePipeline
A Comprehensive Overview Of CI/CD: Think you’ve got CI/CD down? Test your knowledge, skip ahead. Need a helping hand? Stay put, we’ve got you covered! Continuous integration and continuous deployment (CI/CD) pipelines are like handy assistants that automate key tasks in delivering software – things like building, testing, and deploying. Picture it as a safe…
-
AWS DevOps with Java Application
An Overview of the application that we will be deploying: My Shuttle is your one-stop solution for hassle-free transportation. This open-source, Java/JEE application streamlines bookings, simplifies driver management, and delivers an intuitive admin portal – all with the power of Linux, Apache, and MySQL. Say goodbye to booking delays and inefficient operations. My Shuttle empowers…