Tag: CodeSecurity

  • GitHub Code Scanning Using Third-Party Actions 

    GitHub’s code scanning helps identify vulnerabilities and errors in your codebase, and while CodeQL is a powerful built-in option, you can also integrate third-party tools for a tailored approach. Configuring code scanning with third-party actions allows you to leverage tools like SonarQube, Checkmarx, or Trivy within GitHub Actions workflows. By uploading results in SARIF format,…

  • Code Security with GitHub Code Scanning and CodeQL Custom Queries 

    For this blog, we’ll enhance the advanced setup in our Instance-Security repo (a Java/Maven project) by creating a custom query pack to test CodeQL’s flexibility. If you haven’t explored our blog on Code Scanning with Advanced CodeQL Setup, we strongly recommend checking it out first, as it’s a prerequisite for following along with this blog.…

  • Code Security with GitHub Code Scanning and Advanced CodeQL Setup

    Advanced setup for code scanning is ideal when you need a tailored approach to securing your codebase. By crafting and modifying a workflow file, you can customize the scanning process extensively.

  • Code Scanning with GitHub and CodeQL

    What is Code Scanning? Code scanning is a GitHub feature designed to help developers identify security vulnerabilities and coding errors in their projects before they become bigger problems. It analyzes your code automatically, flags potential issues like SQL injection or cross-site scripting (XSS), and displays them as alerts right in your repository. Picture it as…

  • GitHub Copilot and SonarQube for IDE: A Powerful Duo for Smarter
    Development

    Understanding GitHub Copilot and SonarQube for IDE

  • Canarys Automations is now a SonarQube GOLD Partner

    We are thrilled to announce that Canarys Automations is now a SonarQube GOLD Partner! This milestone reinforces our commitment to enabling organizations with best-in-class code quality and security solutions as part of a robust DevSecOps strategy. A Full Circle in DevSecOps At Canarys, we have always championed end-to-end DevOps excellence, and this partnership with SonarQube…