-
snyk
Discontinued Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
-
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
dockerlint
Sonarqube: Broad analysis tool
Snyk for many languages
Sometimes developers leak GitHub tokens and other secrets in codebases, which should be avoided. We should prevent secrets from leaking when code is committed. We can integrate Yelp's detect-secrets into our workflow, using it to scan files for secrets and to whitelist false positives to reduce the noise.
Semgrep tool: Used for Go, Java, Python
SpotBugs with find-sec-bugs for Java
ESLint for JavaScript