I recently was put on a project where we are doing development for a website. There was already a large code, and we went in to add features in order to complete the site, and perform code refactoring when necessary. In order to accomplish this successfully, we decided to follow the SecureAgileTM, which involves ensuring […]
It’s that time of year, new year, new SecureCI release! 2015 ended well, with Coveros releasing a much more robust version of SecureCI. Not too many new features, but lots of bug fixes and some major upgrades of the application. This release focused on updating core components to latest release versions, correcting critical defects, and […]
When managers are deciding how to allocate funds and resources on a project, their first request is usually for metrics. With so much data floating around, the message may end up lost, or worse, misinterpreted. Tools such as SonarQube and Jenkins do display such information, but in a way that is often too detailed or […]
[WARNING] Some problems were encountered while building the effective model for GoodPom:GoodPom:jar:1.0-SNAPSHOT [WARNING] ‘build.plugins.plugin.version’ for org.codehaus.mojo:build-helper-maven-plugin is missing. @ line 19, column 15 [WARNING] [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build. I have been working with a client that has a complex maven project. […]
The software development IDE, JetBrains PhpStorm, is a versatile tool to incorporate into a DevOps pipeline. One useful method of expanding upon its native features is to add the SonarQube plugin to provide source code analysis. Step-by-step documentation is scattered or insufficient, so I have compiled an explanation of the process, with accompanying screenshots. This does […]
The Problem When building any application, library or framework one of the design decisions you make again and again is flexibility. This is shown by many of the choices you make during development. But what about when you want your application, library or framework to be configurable. What is Typesafe Config? It […]
As I’m certain everyone is aware, a new version of SecureCI™ has been released! Many more tools have been included, and while the basic setup is the same, there is a bit more configuration that you’ll need to setup. My previous post of how to startup a new instance of SecureCI™ is still accurate, however […]
Introduction It’s been a while since I’ve posted about some BDD work, but I’ve recently gotten back into it using Behave. Over the next few months, I’ll be posting more and more, as I get deeper into the tool, but I figure I’ll start with a comparison based on my initial work. This post will […]
DevOps and Security have often been considered mutually exclusive. Both are imperative to developing high-quality applications, but continue to be seen as entirely separate processes. Tools that combine DevOps and Security tend to only integrate static security code analysis, and do so within the early stages of Continuous Integration. These scans are performed simultaneously, running […]
Introduction One major problem with writing a good mobile web app, is that it needs to run over ALL of the devices out there. While there a plenty of hacks to get your mobile site to only load/respond on certain device, it’s generally frowned upon, and not best practice. There are multiple ways to set […]
