Tag: CICD
Vulnerability Scanning in GitHub CI/CD Workflow using Grype
What is Grype? Grype is an open-source vulnerability scanner for container images and filesystems, developed by Anchore (it grew out of Anchore Engine). Grype can scan a directory, a container image or an SBOM file. Grype can be used in a CI/CD workflow to find security issues in pull requests, or to check the main/master branch with scheduled workflow runs. When using…
Security Scanning in GitHub CI/CD workflow using Trivy
What is Trivy? Trivy is an open-source security vulnerability and misconfiguration scanning tool. It can scan container images, filesystems, Git repositories and Kubernetes clusters/resources. Trivy can be used in a CI/CD workflow to find security issues in pull requests, or to check the main/master branch with scheduled workflow runs. It supports table, JSON, SARIF output…
Security Scanning on GitHub code repo using CodeQL
What is CodeQL? CodeQL is a code analysis engine and query language for finding security vulnerabilities across a repository. CodeQL treats code like data: when we run CodeQL, it extracts a single relational representation of each file in the codebase into a CodeQL database. Then it runs queries against the…
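The three posts above describe the same pattern: run a scanner on every pull request and again on a schedule against the main branch, and surface the findings in GitHub code scanning. The workflow below is an added example that wires Grype, Trivy and CodeQL together that way; it is not the blog's own workflow. The repository is assumed to hold Python code (the CodeQL `languages` value), and the cron time, branch name and severity thresholds are assumptions to adjust per project.

```yaml
name: security-scan

on:
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 3 * * 1'      # assumption: weekly, Monday 03:00 UTC, against the default branch

permissions:
  contents: read
  security-events: write      # required to upload SARIF to code scanning

jobs:
  grype:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan the repository filesystem with Grype
        id: grype
        uses: anchore/scan-action@v3
        with:
          path: "."
          fail-build: true          # fail the PR check when a finding reaches the cutoff
          severity-cutoff: high
      - name: Upload Grype SARIF
        if: always()                # still upload when fail-build made the previous step fail
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.grype.outputs.sarif }}

  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan the repository filesystem with Trivy
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-results.sarif
          severity: HIGH,CRITICAL
          ignore-unfixed: true      # do not block PRs on issues with no available fix
          exit-code: '1'
      - name: Upload Trivy SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif

  codeql:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        language: [python]          # assumption: adjust to the languages in the repository
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-extended
      - uses: github/codeql-action/analyze@v3
```

Two points worth checking when adapting this: the `if: always()` on the upload steps is what keeps the SARIF reaching code scanning when a scanner deliberately fails the job, and floating references such as `trivy-action@master` should be pinned to a release tag or, better, a commit SHA before the workflow is trusted to gate merges.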
Git: Squash commits
Squash Git Commits Git lets users squash, that is combine, multiple commits into a single commit in a branch (through an interactive rebase or git merge --squash). By squashing commits, we can keep the repository’s commit history clean and neat. Users generally squash commits when merging branches into the “master” or “main” branch. Why Squashing? When a team is working on a…
Git: Update a feature branch with remote main branch
When our feature Git branch is behind the main branch, we need to bring the feature branch up to date with main before raising a PR to merge the feature into main. Updating a Feature Git branch with the main branch Step-1: first commit your changes to your development branch and check out the local main branch. Step-2: fetch…