top of page


Public·12 members
Everett Miller
Everett Miller

CommitStrip ? ?When I Get The Results From The Security Audit

Should it be SecDevOps, which implies a secure version of DevOps?Alternatively, should it be referred to as DevSecOps or one of the other two variations, which implying security more specifically from the development perspective?

CommitStrip – ‘When I Get The Results From The Security Audit’


From version 6 onwards npm comes build with audit command which checks for vulnerabilities in your dependencies and runs automatically when you install a package with npm install. You can also run npm audit manually on your locally installed packages to conduct a security audit of the package and produce a report of dependency vulnerabilities and suggested patches.

"Running npm audit will produce a report of security vulnerabilities with the affected package name, vulnerability severity and description, path, and other information, and, if available, commands to apply patches to resolve vulnerabilities."

Cypress captures videos from test runs and whenever a test fails you can watch the failure video side by side with the video from the last successful test run. The differences in the subject under test are quickly obvious as Bahtumov's tips suggests.

Different USB tokens might use different client software/drivers - but they all have one thing in common - the USB token needs to be present (i.e. plugged in to the machine) when code signing. This seemingly innocuous little USB token (which looks just like a memory stick) needs to be physically secure. If someone walks past your machine and takes it (likely thinking it's a memory stick), well you are up a creek without a paddle. My SafeNet token has a bright blue LED on the end that just screams "Take me!". Our build servers are colocated at a data centre - so leaving things like USB devices plugged in is asking for trouble. It's not like I can walk over and plug it in when needed (every day!). The data center is 300km from where I live/work.

We use many third-party Delphi libraries to build FinalBuilder and Automise, and that brings plenty of issues when upgrading compiler versions. I've been using Delphi since 1995, both as a developer and as a component vendor, I have learned a thing or two about creating libraries that I would like to share. These are all ideas that make life easier for users, and make it easy to migrate from one version of Delphi to another.

Any builds triggered from a repository change are then queued right through the day until the specified end time. Any additional changes added to the configuration repositories during the day are added to the queued build, and when the end time comes up, the build executes on the latest changeset.

The client is created using a Personal Access Token (PAT) from Azure DevOps. The security token is rather sensitive, but quite useful for such simple triggers. Be sure to not give / show this token to anyone!


Welcome to the group! You can connect with other members, ge...


  • deisaray jones
  • Andres Faria
    Andres Faria
  • Asher Ward
    Asher Ward
  • Ian Walker
    Ian Walker
  • Joseph Foster
    Joseph Foster
Group Page: Groups_SingleGroup
bottom of page