wg-best-practices-os-developers
supabase
wg-best-practices-os-developers | supabase
---|---
16 | 761
622 | 65,456
5.9% | 3.1%
9.7 | 10.0
3 days ago | 1 day ago
JavaScript | TypeScript
Apache License 2.0 | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-best-practices-os-developers
- 12 Free Courses To Help You Develop More Secure Software - Shift Security Left
  You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.
- Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding
  In April 2014, the Linux Foundation Executive Director Jim Zemlin seized the opportunity to get visibility and managed to get Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware to all pledge to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative. The initiative continued for many years and eventually transformed into the Open Source Security Foundation. Also due to Heartbleed, the European Commission launched the EU-Free and Open Source Software Auditing project and spent at least a million euros on auditing OpenSSL, the Apache Server, KeePass, and other security-critical open source software.
- Compiler Options Hardening Guide for C and C++
  https://github.com/ossf/wg-best-practices-os-developers/issu...
  The idea of using `-fsanitize-minimal-runtime` is interesting. I don't have any direct experience with that option. I've created an issue to investigate maybe adding that to the guide. Thanks for the tip!
- OSCM: The Open Source Consumption Manifesto
  These are technical details that are out of the scope of this article, but we think that it is important to mention them because the security strategy of a company should be based on a solid foundation, and these frameworks show that there are already some good starting points, companies don't have to start from scratch. If you want to know more about them or other ways to improve the security of your software supply chain, visit the OpenSSF website.
- Best practices for effective attack surface analysis
  Participating in the cybersecurity community can be a useful way to gain information about security trends and possible risks. Organizations such as the OWASP, OpenSSF, SANS Institute, and ISC2 promote the exchange of information between organizations and can raise the alarm about emerging issues or hacking strategies.
- Need help with use cases for my new open-source project that deals with open-source security
  You might find Awesome Security or Other Security Awesome Lists and the Open Source Security Foundation helpful
- Wake-up call: why it's urgent to deal with your hardcoded credentials
  Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
- 'Securing Open Source Software Act' Introduced to US Senate
- Great Time at JavaZone 2022
  Cross industry best practices - openssf.org
- Ask HN: Who is hiring? (June 2022)
supabase
- AI Inference now available in Supabase Edge Functions
  Semantic search demo
- Creating an OG image using React and Netlify Edge Functions
  1. Create a new Supabase project: Visit Supabase and create a new project.
- 11 Planetscale alternatives with free tiers
  Supabase positions itself as the "open source Firebase alternative." It was founded in 2020 and is a developer-friendly serverless database platform that supports over 20 frameworks, including popular tools like Next.js, React, Nuxt, Svelte, Flutter, and Vue.
- Implementing semantic image search with Amazon Titan and Supabase Vector
  You can find the full application code as a Python Poetry project on GitHub.
- The Many Ways Not to Build an API
  If you use PostgreSQL and are proficient with using its row-level security feature, you can choose from several tools/services built above RLS, including Supabase, PostgREST, and PostGraphile. They all provide a way to expose database CRUD as a web API, assuming you've configured the RLS rules to properly secure the access.
- Building a Fast, Efficient Web App: The Technology Stack of PromptSmithy Explained
  Here's the thing that accelerated my development the most: Supabase. Thanks to its Database, Authentication, and Edge Functions, we were able to rapidly develop the app. Their JS library made development super seamless, and their local development stack made testing a breeze.
- Sites, 125M accounts, 1 Vulnerability
  On certain databases, yes
  We only scanned for firestore, which is a NoSQL database, conversion tools may still be possible, a good firebase alternative would be https://supabase.com, but please set up RLS, it's IMO much easier than Firebase.
- No More Free Tier on PlanetScale, Here Are Free Alternatives
  Supabase - PostgreSQL
- Postgres/Supabase RLS Tips
  I am working on a Supabase project that is going to have a data model that supports content (called nuggets) that can belong to either users individually or to teams.
- How to add Passkey Login to Next.js using NextAuth and Hanko
  Supabase as our DB
What are some alternatives?
aper - A Rust data structure library built on state machines.
Appwrite - Build like a team of hundreds_
tpm2-tss - OSS implementation of the TCG TPM2 Software Stack (TSS2)
pocketbase - Open Source realtime backend in 1 file
tz - Time zone database and code
nhost - The Open Source Firebase Alternative with GraphQL.
bicep - Bicep is a declarative language for describing and deploying Azure resources
neon - Neon: Serverless Postgres. We separated storage and compute to offer autoscaling, branching, and bottomless storage.
ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
next-auth - Authentication for the Web.
serverless-graphql - Serverless GraphQL Examples for AWS AppSync and Apollo
Hasura - Blazing fast, instant realtime GraphQL APIs on your DB with fine grained access control, also trigger webhooks on database events.