-
Environment Variables as GitHub Codespaces Secret
It’s been long since we are asking programmers “not to push connection strings and API Keys” to the source code. And also, set them as environment variables for production. But you still here and there you can find sensitive information on both repository and config files on production server! GitHub Codespaces gives you the solution […]
-
Security flaw of github token and secrets
There are security flaws on github token and github secrets, lets review them and make sure we are aware of it. Since microsoft acquired GitHub, they are investing heavily on monetizing it (for organizations not open source). So, lots of good features are added literary everyday. But it seems GitHub is not there yet, there are really scary security flaws around for organizations.
-
SonarQube Pull Request Scanner + Community
On the previous article, we installed a SonarQube community server on ubuntu and using SQL server. Now We are going to expand our learnings and create the whole process of code quality assurance with SonarQube. We are making a CI/CD workflow so that any line of new code be scanned and measured by SonarQube. This […]
-
SonarQube installation on Ubuntu + SQL Server
What is SonarQube? SonarQube is a code quality scanner that can scan many languages including Java, C# and JavaScript. Although SonarQube code scanner and sonarqube code coverage is very advanced in C#, it seems in the DotNet world the the concept of code quality scannanning and specially SonarQube did not grow to its full potential. […]
-
Much better life using the project for Dotnet Publish!
Wonder how you should use Dotnet Publish Command? Do you publish the project or the solution? Here is some info about publish dotnet command!