We all know the importance of developing with customer, reliability, or security mindsets. In reality, acquiring a mindset in an area requires time...
Nice!
Dependabot is great, and now it's fully integrated into GitHub.
Didn't know Webhint, installing now :)
I also use LGTM (free for public repos) and Code Inspector (same)
And bandit (Python) security check in pre-commit hooks.
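For readers who want to reproduce the bandit pre-commit setup mentioned in the comment above, here is an added example configuration; it is not the commenter's own file. It assumes pre-commit is installed and that a `pyproject.toml` holding a `[tool.bandit]` section exists; the pinned `rev` is an illustrative tag, not a recommendation, and should be set to a version you have verified.

```yaml
# .pre-commit-config.yaml (added example, not from the original comment)
repos:
  - repo: https://github.com/PyCQA/bandit
    # Pin to a tag you have checked; an unpinned rev is itself a supply-chain risk.
    rev: 1.7.8
    hooks:
      - id: bandit
        # Read excludes/skips from pyproject.toml so CI and local runs agree.
        args: ["-c", "pyproject.toml"]
        # The toml extra is needed for bandit to parse pyproject.toml.
        additional_dependencies: ["bandit[toml]"]
```

Install the hook with `pre-commit install`; after that every `git commit` runs bandit over the staged Python files and blocks the commit on findings. Run `pre-commit run --all-files` once after adding it, since hooks otherwise only see files touched by the current commit.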
Sweet! Lemme know how you find it!
Didn't know about LGTM, gonna check that out.
good one!!!
@opinionatedpie Great article!
The hyperlinked text for Snyk is misspelt :)
Yikes, thanks for catching that, I’ll have a look and fix.
For Dependabot and Renovate, are there any GitLab alternatives that you know of?
Snyk Open Source integrates with GitLab, and there is also a Dependabot for GitLab work-in-progress project: gitlab.com/dependabot-gitlab/depen...
This article covers that a bit blog.jdriven.com/2021/03/Running-D...
Please, please, make it obvious up front (preferably in the article title) when you're recommending tools that are only for a specific language, e.g. JavaScript. Thanks.
Hey hey, they’re actually not just for JavaScript / just one language - with the exception of Webhint. I’ve mentioned that clearly for Dependabot, Renovate and Snyk, and GitGuardian is focused on secrets.
Yes, Webhint is JS-only, and that's not obvious until you've dug through their site. Snyk has extremely limited language support, 2 of the 4 are JS, and I don't use any of them.
I'm just saying that it would be nice to be able to look at articles like this and quickly distinguish which recommendations are relevant and which are not.
Snyk has support for 4 languages for Code and 10 for Open Source. Snyk Container is its own thing. I get your suggestion and definitely will when it applies, but I don’t think it’s the case here.
The aim is to cover areas you will most likely encounter at work or in open source, and maybe get folks to try some tools they’ve never used before.