Questions tagged [devsecops]

41 questions
6
votes
1 answer

Comparison between Snyk and Sonarcloud/SonarQube?

I need to do a comparison between the features and functionality of Snyk and SonarCloud/SonarQube, and the only thing I can find is a speed comparison: https://snyk.io/blog/sast-tools-speed-comparison-snyk-code-sonarqube-lgtm/ ... does anyone know if…
mark11
2
votes
1 answer

How to do Snyk code test in Jenkins pipeline?

I am helping our DevOps team integrate Snyk into the Jenkins pipelines for SAST. By default, it seems like this Snyk plugin is doing snyk test (which does open-source dependency scans) and appends the additional arguments provided with it. I…
iamahecker
1
vote
2 answers

/docker-entrypoint.sh: line 13: exec: image: not found

I am encountering this issue: /docker-entrypoint.sh: line 13: exec: image: not found when trying to add an image to anchore/engine-cli on Docker. Specifically I run: docker run anchore/engine-cli image add XXXXX:"image-name" Could anyone help me…
1
vote
1 answer

Trufflehog not finding hard-coded password & secrets

I'm using trufflehog_3.33.0_linux_amd64.tar.gz to detect passwords and tokens. I actually have hard-coded tokens & passwords and have committed them into my GitHub repository. But when I try to scan, it is not finding the tokens and passwords. $…
user4948798
1
vote
0 answers

Select quality profile from sonar-project.properties file for SonarCloud scan

I have created a custom quality profile from the SonarCloud console. I am able to make it the default from the UI and run the SonarCloud scans with it. Now, for my use case, I want to do this from the sonar-project.properties file so that I can use different…
1
vote
1 answer

How can I upgrade the System.Text.RegularExpressions version?

I am running an Azure pipeline with the Mend Bolt task to detect old libraries, and I got: Notice for System.Text.RegularExpressions the existing version is 4.3.1 and the suggested fix is ALSO 4.3.1, but it seems it is not taken into consideration. PS: my…
Mohamed
1
vote
1 answer

Sonar and Veracode

Do Sonar and Veracode serve the same purpose, or can we use both tools to scan our applications? Metrics like coverage, duplications, bugs and code smells are available in Sonar but not in Veracode. So do we need to use both tools, or…
Naresh Ede
1
vote
2 answers

Snyk CLI for docker scan azure pipeline

I need to run a Snyk scan for an Azure container and set it to fail only when new vulnerabilities are found compared to the previous image. I followed the snyk-delta document to configure the task in Azure, but the tasks are failing. Suggestions…
Vaybhaw
1
vote
1 answer

Why does SonarQube stop before running completely?

I am installing SonarQube (community version) (v8). I know I need JDK 11, so I have installed it using the Windows installer. What's more, I have changed wrapper.java.command to wrapper.java.command=C:\Program Files\Java\jdk-11.0.16\bin\java.exe (I have…
1
vote
0 answers

How to generate a VEX document from an SBOM file?

I was trying a tool called vexy (GitHub: https://github.com/madpah/vexy), but with no luck. I tried installing vexy and for some reason it just does not let me scan the SBOM file. vexy --in-file /home/deepak/Desktop/bom.json is the line I used to…
1
vote
1 answer

Trying to update my .gitlab-ci.yml file to run SAST and the pipeline fails (Failed to pull image)

Still pretty new to this, so forgive me if I'm saying anything wrong. This is my code: stages: runSAST run-sast-job: stage: runSAST image: maven:3.8.6-openjdk-11-sliim script: | - mvn verify package sonar:sonar…
codestein
1
vote
0 answers

Elasticsearch encryption settings

Due to auditing requirements, it is necessary to encrypt all connections between the application and the Elasticsearch cluster. After a little googling, I realized that the Elasticsearch cluster protection looks like this: Enable x-pack: true in…
nfdklg
1
vote
1 answer

Getting an error while generating a report in SonarQube 9.4

I was scanning a .NET application using SonarQube. SonarScanner.MSBuild.exe begin, MSBuild and end all executed successfully in the same project root path. But when trying to access the report on the Sonar server, I get the following…
1
vote
1 answer

Automatically add a .gitlab-ci.yml file in CI/CD configuration file Settings

I'm completely new to GitLab and I have a scenario where I need to automatically add a .gitlab-ci.yml file to all the project repositories, in order to trigger the pipeline for vulnerability scanning in Checkmarx. I found that we can manually add a…
1
vote
2 answers

What should be used for endpoint in renovate-bot config.json?

I am trying to set up config.json for Bitbucket Cloud to automatically update dependencies in npm repos on Bitbucket Cloud. I found one example, but cannot figure out two things: endpoint - what should go there (ABC)? - our company's Bitbucket…
Viji