-
GitHub Code Scanning Using Third-Party Actions
GitHub’s code scanning helps identify vulnerabilities and errors in your codebase, and while CodeQL is a powerful built-in option, you can also integrate third-party tools for a tailored approach. Configuring code scanning with third-party actions allows you to leverage tools like SonarQube, Checkmarx, or Trivy within GitHub Actions workflows. By uploading results in SARIF format,…
-
Code Security with GitHub Code Scanning and CodeQL Custom Queries
For this blog, we’ll enhance the advanced setup in our Instance-Security repo (a Java/Maven project) by creating a custom query pack to test CodeQL’s flexibility. If you haven’t explored our blog on Code Scanning with Advanced CodeQL Setup, we strongly recommend checking it out first, as it’s a prerequisite for following along with this blog.…
-
Code Security with GitHub Code Scanning and Advanced CodeQL Setup
About Advanced Setup for Code Scanning Advanced setup for code scanning is ideal when you need a tailored approach to securing your codebase. By crafting and modifying a workflow file, you can customize the scanning process extensively. This includes specifying how to compile languages, selecting specific CodeQL queries to execute, choosing which languages to analyze,…
-
Code Scanning with GitHub and CodeQL
What is Code Scanning? Code scanning is a GitHub feature designed to help developers identify security vulnerabilities and coding errors in their projects before they become bigger problems. It analyzes your code automatically, flags potential issues like SQL injection or cross-site scripting (XSS), and displays them as alerts right in your repository. Picture it as…
-
Complete Guide to Installing SonarQube on Windows with External PostgreSQL Database
In this blog I will be showcasing the SonarQube server installation and setting-up an external PostgreSQL Database to it. There are some pre-requisites for installing SonarQube Server and you can follow the below documentation link for the same. https://docs.sonarsource.com/sonarqube-server/latest/setup-and-upgrade/installation-requirements/server-host You can download the SonarQube server from the below link. https://www.sonarsource.com/products/sonarqube/downloads/?_gl=1*9fb3el*_gcl_au*OTQ0MzM2Nzc2LjE3NDQwMTg4NTc.*_ga*OTk2NDQ3NDUzLjE3NDQwMTg4NTg.*_ga_9JZ0GZ5TC6*MTc0NDE3NTc2Ny4zLjEuMTc0NDE4MTg5NC41MS4wLjA. Once you click on the…
-
Canarys Automations is now a SonarQube GOLD Partner
We are thrilled to announce that Canarys Automations is now a SonarQube GOLD Partner! This milestone reinforces our commitment to enabling organizations with best-in-class code quality and security solutions as part of a robust DevSecOps strategy. A Full Circle in DevSecOps At Canarys, we have always championed end-to-end DevOps excellence, and this partnership with SonarQube…
-
Canarys Automations wins GitHub Channel Partner of the Year 2024 for Asia Pacific region!
We are excited to share some thrilling news: Canarys Automations has been awarded the prestigious GitHub Channel Partner APAC Region of the Year 2024! This accolade reflects our relentless pursuit of excellence and innovation within the GitHub ecosystem and highlights our commitment to empowering developers and organizations across the Asia-Pacific region. A Testament to Our Dedication…
-
Implementing DevSecOps in GitLab
In the world of software creation, ensuring security throughout the development process has become incredibly important. GitLab, a powerful platform for DevOps, offers a smooth path to introducing DevSecOps practices. This guide will take you through the essential steps to integrate security seamlessly into your pipelines using GitLab. Understanding DevSecOps In a DevSecOps environment, security…