24 Photos and videos
Ryan Day retweeted
4 Jan 2022
Don't just bindly use latest tag of any Docker image: e.g. the node:latest image has >600 packages installed with ~80 H & C CVEs. I bet you don't need all of those packages in your production environment. Choose your base image tag wisely. dso.atomist.com/images/node/…
4
5
Ryan Day retweeted
30 Dec 2021
Your base container images can bring in unexpected vulnerabilities, which can differ hugely between versions of the same image. Free resource using Atomist's vulnerability database to help see whether you're on the safest image you can be: dso.atomist.com/explore @atomist
3
19
Ryan Day retweeted
24 Dec 2021
A #docker base image used to be a black box. By indexing all packages/CVEs of an image, grouping them by layers and linking to the Dockerfile line that produced a layer, I gained a much better understanding of what we run in production. #DevSecOps dso.atomist.com/images/nginx…
11
19
Ouch
10 Dec 2021
If you're running these containers, you're likely at risk due to the log4j zero-day. More details - us-east1-atomist-skill-produ…
At Atomist we're monitoring public images for vulnerabilities. We'll open up this feature next week.
It's fun working to make security info more relevant for developers. What do you love or hate about your security tools and process?
1
Ryan Day retweeted
21 Dec 2020
I’d love to hear about your DevSecOps journey and share some ideas on a new approach we’re working on at @atomist. We'll donate $50 to a charity in appreciation for your time. Looking forward to chatting with you! forms.gle/GMwAD51v7UeqfMxZ9
2
7
12
There are many possible approaches to automate a task. @ddgenome illustrates tackling a scenario with Actions and Atomist Skills.
Leave no dependency behind. 🔍 Automatically remove unused dependencies and add undeclared dependencies. 🔒
10 Nov 2020
Run depcheck from @rumpl as an @atomist skill to keep your #npm dependencies in check and receive PRs to fix issues.go.atomist.com/catalog/skill… - I absolutely love those every day helpers that make my dev life easier!
Let the npm audit fix robots help make code security more 🌟
2
Ryan Day retweeted
28 Oct 2020
Often we want to apply consistent behavior to many repositories instead of editing CI files one by one. This is easy with Atomist skills. Take keeping license headers up to date everywhere they're needed. Eliminate drudgery and get it right every time. go.atomist.com/catalog/skill…
2
4
Secret leak prevention requires a defense-in-depth solution. Tools like @github secret scanning and @atomist secret scanner help. blog.atomist.com/p/2c372576-… #DevSecOps
1
1
Review reminders and stale issue handling ftw
1 Oct 2020
Two new @atomist skills to make your open source contributor life easier: manage stale issues go.atomist.com/catalog/skill… and pull request review reminders go.atomist.com/catalog/skill…. We use those every day!
1
Using slash commands like /pr right from a git commit to automate creating a PR (which you were gonna do manually on @github afterward anyway) 🙇 @slimslenders
14 Sep 2020
Doing More With Git Commit Messages blog.atomist.com/doing-more-…
1
Ryan Day retweeted
14 Sep 2020
Doing More With Git Commit Messages blog.atomist.com/doing-more-…
3
5
Nice post on why you want to keep branches rebased automatically @radekhubner. 🙌 @atomist
5 Aug 2020
Safe your time and start to rebase automatically.
radekhubner.com/blog/how-to-…
#development #automate #github
1
1
Automatically set up your ESLint config for local dev and on push for all of your repos in one fell swoop. @geteslint @atomist youtu.be/galclyJ3BZg
The easiest way to keep on top of npm vulnerabilities in your projects — just turn on npm audit support and get @github checks, changes as commits or a PR if you like. go.atomist.com/catalog/skill…
17 Jul 2020
In time for the weekend, two new @atomist skills for the #javascript devs out there: #npm Audit and npm Build. Give them a try. go.atomist.com/catalog/skill… & go.atomist.com/catalog/skill…