John Nicholas’ Post

Find and fix whitespace errors using this one weird git trick 🔀 I noticed some whitespace warnings from git while staging a commit. I wondered if I had maybe made some other commits to this branch with trailing whitespace and indentation issues. To answer this, I did a check: `$ git diff main --check` There were issues across a couple different files and commits. Instead of having to go fix each individual spot and then take on a silly "whitespace fixes" commit, I asked git to take care of it for me: `$ git rebase --whitespace=fix main`. It fixed, via rebase, each of the offending commits, with no extra work from me. I was able to quickly do this today because I had written down the steps as a TIL a few weeks back: https://lnkd.in/gjYgtEai

The beauty of code is you can build something that saves you hours of time. I recently found that I had a mix of HTTPS and SSH URLs for my cloned repos. I had multiple methods of authenticating when pulling and pushing git repos. This lead to frustration and fragmentation. So, I built a script to replace all my HTTPS Git URLs with SSH URLs: https://lnkd.in/gDvBgM6u It’s important to note that I have this problem BECAUSE I’m a software engineer… so the code that’s saving me time is fixing a coding problem that was costing me… time. Ironic. Either way, instead of spending hours replacing URLs across ~4 machines, hundreds of repos, this script did it for me in 60 seconds. Software engineers: spending hours/days automating something that takes them minutes manually 😉

Here's a new threat model; dev clones a repo and the repo owner gets execution and persistence on the dev's endpoint. Example: CVE-2024-32002 yields RCE via git clone. Anomalous child procs for the git client (how many benign child procs can there be?) would be a possible detection / hunt https://lnkd.in/eT_uifEa

Be careful out there, freelancers and look before you `npm install`. We encounter this sometimes when starting work with a new client of whom we haven't had a face to face meeting with. Thankfully, Code UpScale has standards for security that protects us from falling victim to contracts that are too good to be true. Our engineers use common open-source and trusted security checking tools to assert that there is no malicious code or malicious/compromised packages as well as a visual read-through when starting work on a new project that already has active work on it.

🚀 Exciting News! 🚀 🔐 Secure Your Spring Boot Projects with JWT Authentication Template! 🔐 Are you working on a Spring Boot project and need a robust and secure authentication system? Look no further! Introducing the Spring Boot JWT Authentication Template! 🌟 This template provides a ready-to-use JWT-based authentication system that you can easily integrate into your Spring Boot projects. 🔗 Repo Link: https://lnkd.in/gFTmdrUB 📦 Key Features: - JWT-Based Authentication: A secure token-based authentication system using JSON Web Tokens (JWT). - Secure Endpoints: Protect your endpoints with JWT authentication. - Easy Integration: Simply clone the repository and follow the setup instructions. - Tested: The template includes tests to ensure functionality and reliability. Now, go ahead and secure your Spring Boot projects with ease! Don't forget to give this repository a star if you find it useful. Happy coding! 🌟 #SpringBoot #JWT #Authentication #Java #Programming #Security #Development #OpenSource #GitHub

GitLab's gitlabcis scanner determines level of compliance for GitLab projects. Learn how to install and use the tool with this tutorial, as well as what's on the roadmap.

Git 2.46 is here with new features like pseudo-merge bitmaps, more capable credential helpers, and a new git config command. Check out our coverage on some of the highlights here. https://lnkd.in/gCsu6ww9

# about CI/CD We had an application design of backend and frontend in 2 containers, and routing between them was performed by nginx. And I have asked myself, why containers could be automatically build and re-deployed on code commits, but my nginx route requires me to go to the ssh console? Is that ok? NO. So I've deployed it in additional container, set up dockerfile and .yml od Github Actions, and voila! Nginx config gets update directly from our github repo. And yes, for a new deployment I have created Pulumi script, and also store it on GitHub. Why not. But we had an argument with our software architect, how safe is GitHub. Is it ok to store ssl certs there also, for example? How do you think?

💡 Today I learned, how to search for commits that added or removed a string. When working in a large code base, finding the commit that added a block of mysterious code can be tricky. If the code addition was a while ago, `git blame` will probably show you irrelevant commits. If the file's "hot", looking at the commit history is no option either because there will be too many changes. If you're using Git on the command line, `git log -S` helps out here. Apply your search string via `-S` (a condition, function call, or unique enough method name), and Git will return all the commits that added or removed your search string. And just like, that you'll find the commit that added a line of code. Pretty neat!

My cpputest-for-qpc repo has been significantly refactored. This repo is now library only focused. A separate repository now provides the top-level example of how to import this library and use it to create unit tests for a QP/C active object. Semantic versioning. Release pages. Better CMAKE usage. (I hope...) Enjoy! https://lnkd.in/efgEnbSx