Incoming
checkov
| | Incoming | checkov |
|---|---|---|
| | 42 | 54 |
| Stars | 308 | 6,540 |
| Growth | -0.3% | 2.6% |
| Activity | 4.2 | 9.9 |
| | 24 days ago | about 15 hours ago |
| Language | Ruby | Python |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Incoming
-
Best practices for DB modifications MySQL
This article from HoneyBadger explains the most relevant topics about Rails DB transactions.
-
A guide to exception handling in Python
Honeybadger is a powerful error-monitoring tool for Python applications. Integrating an error monitoring service like Honeybadger into your development workflow provides numerous benefits for effectively managing exceptions. From real-time notifications and error grouping to rich diagnostics and trend analysis, Honeybadger equips you with the tools you need to quickly identify, investigate, and resolve errors and ultimately enhance the overall quality and reliability of your applications. To demo this, let's now explore some features and examples of integrating Honeybadger into your Python code.
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
honeybadger.io - Exception, uptime, and cron monitoring. Free for small teams and open-source projects (12,000 errors/month).
-
Debugging an Application in Production
It sounds like you want to implement an exception monitoring tool like Honeybadger (my company), Sentry, or similar. They will tell you when someone encounters an error with your app, where the error occurred, and what the state of the app was (parameters, etc.) at the time of the error.
-
Let’s scan DEV’s forem project with Bearer and analyze the results
You may wonder why this is a problem. In the case of this code, we're sending the user's username to a third-party service. While username isn't inherently sensitive data, it certainly has the potential to be and should be treated as such. It's better to use IDs that can't identify the user if the third party—in this case, honeybadger—is breached. You can see the full list of supported data types, sorted by category, on the docs.
-
Exception Handling in JavaScript
Sign up on the Honeybadger website and click on ‘start free trial’, as shown in the following image.
- Have you ever been mad enough at a company treating you wrong that you thought about building your own solution? Well, back in 2012 we did that! This is the story of how three devs with an app have thrived amid an excess of venture-capital-backed competitors.
- Monitoring doesn't have to be so complicated. That's why we built the monitoring tool we always wanted: a tool that's there when you need it, and gets out of your way when you don't—so that you can keep shipping
- Do you currently use one service for uptime monitoring, another for error tracking, another for status pages and yet another to monitor your cron jobs and microservices? Paying for all of those services separately may be costing you more than you think.
checkov
-
A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons
Checkov. Owner/Maintainer: Prisma Cloud by Palo Alto Networks (acquired in 2021). Age: First released on GitHub on March 31st, 2021. License: Apache License 2.0.
-
Top Terraform Tools to Know in 2024
Checkov is another great tool that examines your Terraform files (.tf), parsing the configurations and evaluating them against a comprehensive set of predefined policies. It scans Terraform-managed infrastructure and detects misconfigurations that could lead to security issues or non-compliance with best practices and regulations.
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Bridgecrew — Infrastructure as code (IaC) security powered by the open source tool - Checkov. The core Bridgecrew platform is free for up to 50 IaC resources.
-
10 Ways for Kubernetes Declarative Configuration Management
Kustomize: It provides a solution to customize the Kubernetes resource base configuration and differential configuration without template and DSL. It does not solve the constraint problem itself, but needs to cooperate with a large number of additional tools to check constraints, such as Kube-linter, Checkov and kubescape.
-
Top 10 terraform tools you should know about.
Checkov is a versatile static code analysis tool designed for infrastructure as code (IaC) and software composition analysis (SCA). It supports a wide range of technologies, including Terraform, CloudFormation, Kubernetes, Docker, and others, to detect security and compliance issues through graph-based scanning. Checkov also performs SCA scans, identifying vulnerabilities in open source packages and images by checking for Common Vulnerabilities and Exposures (CVEs). Additionally, it is integrated into Prisma Cloud Application Security, a platform that helps developers secure cloud resources and infrastructure-as-code files, enabling the identification, rectification, and prevention of misconfigurations throughout the development lifecycle.
-
Understanding Container Security
For your Dockerfiles, you can also scan them. There are lots of tools that can check your Dockerfiles. They will validate whether a Dockerfile is compliant with Docker best practices such as not using the root user, making sure a health check exists, and not exposing the SSH port. You can use Snyk and Checkov.
-
Apim + function app & event grid
You could try https://www.checkov.io/
-
Terraform Security Best Practices
We use https://www.checkov.io/ for this, it's very simple to get started with and works really well as a PR quality gate.
-
How long have you guys actually had the title “platform engineer”? What other titles did you have before that, if any?
Once there is a CI pipeline for delivering infra changes you can add static code analysis tools (checkov) and even start testing changes (terratest)
-
What are the best static analysis security testing tools for Terraform and infrastructure as code?
I just had a brief chat with one of the developers of Checkov and it sounds nice (and open source). I haven't had a chance to play with it, but if you want to it's at https://www.checkov.io/
What are some alternatives?
Ahoy Email - First-party email analytics for Rails
tfsec - Security scanner for your Terraform code [Moved to: https://github.com/aquasecurity/tfsec]
Griddler - Simplify receiving email in Rails
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Sup - A curses threads-with-tags style email client
tflint - A Pluggable Terraform Linter
Maily - 📫 Rails Engine to preview emails in the browser
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
Mailman
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Markerb
kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.