wg-best-practices-os-developers
bicep
| wg-best-practices-os-developers | bicep |
|---|---|
| 16 | 74 |
| 622 | 3,111 |
| 5.9% | 1.2% |
| 9.7 | 0.0 |
| 2 days ago | 1 day ago |
| JavaScript | Bicep |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-best-practices-os-developers
- 12 Free Courses To Help You Develop More Secure Software - Shift Security Left
You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
- Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
In April 2014, the Linux Foundation Executive Director Jim Zemlin seized the opportunity to get visibility and managed to get Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware to all pledge to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative. The initiative continued for many years and eventually transformed into the Open Source Security Foundation. Also due to Heartbleed, the European Commission launched the EU-Free and Open Source Software Auditing project and spent at least a million euros on auditing OpenSSL, the Apache Server, KeePass, and other security-critical open source software.
- Compiler Options Hardening Guide for C and C++
https://github.com/ossf/wg-best-practices-os-developers/issu...
The idea of using `-fsanitize-minimal-runtime` is interesting. I don't have any direct experience with that option. I've created an issue to investigate maybe adding that to the guide. Thanks for the tip!
- OSCM: The Open Source Consumption Manifesto
These are technical details that are out of the scope of this article, but we think that it is important to mention them because the security strategy of a company should be based on a solid foundation, and these frameworks show that there are already some good starting points, companies don't have to start from scratch. If you want to know more about them or other ways to improve the security of your software supply chain, visit the OpenSSF website.
- Best practices for effective attack surface analysis
Participating in the cybersecurity community can be a useful way to gain information about security trends and possible risks. Organizations such as the OWASP, OpenSSF, SANS Institute, and ISC2 promote the exchange of information between organizations and can raise the alarm about emerging issues or hacking strategies.
- Need help with use cases for my new open-source project that deals with open-source security
You might find Awesome Security or Other Security Awesome Lists and the Open Source Security Foundation helpful
- Wake-up call: why it's urgent to deal with your hardcoded credentials
Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
- 'Securing Open Source Software Act' Introduced to US Senate
- Great Time at JavaZone 2022
Cross industry best practices - openssf.org
- Ask HN: Who is hiring? (June 2022)
bicep
- The issue of recursive module calls in declarative infrastructure-as-code
I thought it was a good idea, but Bicep did not agree. I have submitted a proposal to the Bicep team for how this can be allowed. Vote for this issue if you agree!
- Rethinking Infrastructure as Code from Scratch
Bicep has limitations which make it non-declarative even though it is marketed as declarative: https://learn.microsoft.com/en-us/azure/azure-resource-manag...
MSFT is trying to add features to make this better, but it is not in production yet: https://github.com/Azure/bicep/issues/10460
Additionally, Bicep does not support interacting with Azure Active Directory: https://github.com/Azure/bicep/issues/7724
So it really is not very useful. Terraform is better in almost every single conceivable way.
- Need an advice between Azure Bicep and Terraform.
GitHub: https://github.com/Azure/bicep/issues/9569
- Is Bicep built on top of ARM or not?
- Create your first Azure Bicep Template
Since its launch Bicep has become popular within the IT community. You can find blog posts, tweets, conference sessions, and plenty of interaction on the official Bicep GitHub space. Bicep became production ready at v0.3. It is supported by Microsoft Support Plans.
- How do you all start developing your arm template
Please give Azure Bicep a try. You get a really simple experience with all the benefits of using the platform native capabilities https://github.com/Azure/bicep
- DevOps ARM to Bicep Migration - Parameter Files
I was on the bicep call last month but that doesn't mean I didn't miss the announcement, it looks like they are getting close though - https://github.com/Azure/bicep/issues/8598
- Bicep Extension Finally Arrives in Visual Studio! Here's What You Need to Know
Bicep, the open source project used by Visual Studio Code to extend its capabilities, has finally arrived in Visual Studio, enabling users of Microsoft’s flagship IDE to use some of Bicep’s most popular features in the same program they have been using since they were introduced to it — in other words, Visual Studio itself.
- How to pass Bicep outputs between YAML steps
In addition, check the similar issue on GitHub.
- Bicep code design best practice - input very much appreciated!
There is an ongoing thread here https://github.com/Azure/bicep/issues/1853
What are some alternatives?
aper - A Rust data structure library built on state machines.
Pulumi - Pulumi - Infrastructure as Code in any programming language. Build infrastructure intuitively on any cloud using familiar languages 🚀
tpm2-tss - OSS implementation of the TCG TPM2 Software Stack (TSS2)
Pester - Pester is the ubiquitous test and mock framework for PowerShell.
tz - Time zone database and code
azure-cli - Azure Command-Line Interface
ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
azure-quickstart-templates - Azure Quickstart Templates
serverless-graphql - Serverless GraphQL Examples for AWS AppSync and Apollo
terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
Zulip - Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
infracost - Cloud cost estimates for Terraform in pull requests💰📉 Shift FinOps Left!