Part 3: Scanning Java Code with SonarQube (SAST)
This post is part of the DevSecOps for Java series:
Why Scan Your Code?
In Part 2, we scanned our dependencies with Snyk (SCA). But what about the actual Java code we write?
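To make the SCA/SAST split concrete, here is an added example (not code from the original post) of the kind of defect only source analysis can catch: a SQL query assembled by string concatenation, next to its hardened form. Snyk reads pom.xml and reports known-vulnerable dependencies; it has no view of this method. A SAST tool such as SonarQube parses the method body and reports the concatenated query. The table and column names are assumed for illustration, and the two lookup methods need a real JDBC Connection; the query-building helper and main run without one.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/**
 * Added example, not from the original post: a first-party code defect that
 * dependency scanning cannot see. The schema (users/username/email) is assumed.
 */
public final class UserLookup {

    /** Builds the SQL text by concatenation. This line is what a SAST rule flags. */
    static String buildQueryUnsafe(String username) {
        return "SELECT email FROM users WHERE username = '" + username + "'";
    }

    /** Vulnerable: untrusted input becomes part of the SQL statement itself. */
    static String findEmailUnsafe(Connection conn, String username) throws SQLException {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(buildQueryUnsafe(username))) {
            return rs.next() ? rs.getString("email") : null;
        }
    }

    /** Hardened: the statement text is fixed; the input is bound as a parameter value. */
    static String findEmailSafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed attacker input: closes the string literal and appends a tautology.
        String payload = "' OR '1'='1";
        // Show the statement the unsafe path would hand to the database.
        System.out.println(buildQueryUnsafe(payload));
        // The same payload given to findEmailSafe is only ever compared as a username value,
        // because the driver sends it as a bound parameter, not as SQL text.
    }
}
```

Running main prints the concatenated statement so you can see the quote being closed and the `OR` clause becoming part of the query; no dependency upgrade in pom.xml would change that, which is why Part 3 adds SAST on top of the SCA step from Part 2.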
This post is part of the DevSecOps for Java series:
You might write a thousand lines of clean Java code, but you're still importing tens of thousands of lines of someone else's code via pom.xml.
This post is part of the DevSecOps for Java series:
In this blog series, we're going to build a real-world, security-first CI/CD pipeline for a Java application, deployed on Azure, using some of the best open-source tools out there.
Azure Subscription Vending: What We Built, Why We Did It, and How It Scales
We didn't plan to build a subscription vending machine.
Honestly, we were just trying to help one team get their own Azure subscription for a new project. Simple enough. But by the time we set up IAM, applied the right policies, configured budget alerts, enabled Defender, and double-checked tags… we realized something.
We were doing the same setup again.
And again.
And again.