I have archived this account after the new management changes that are very unpleasant. Please find me somewhere else through my blog👇, @Rob_Bos@mstdn.social or LinkedIn:

Very insightful post on attacking Source Control Management systems (SCM)! https://t.co/LLQnWbnc4Q

Interesting read! https://t.co/ptqgdWkXQR

The GitHub Silverware Drawer Dilemma, Or: Finding Active Repository Forks | Hackaday

I scanned every package on PyPi and found 57 live AWS keys

Devs urged to rotate secrets after CircleCI suffers security breach | The Daily Swig

10 software supply chain attacks you can learn from

My best viewed blogposts created in 2022: Number 1 https://t.co/cJCZBLXaM2 Explaining the different types of GitHub Access Tokens you can use to get access to GitHub

My top blogposts created in 2022: Number 2 https://t.co/8Q0PaUVD5S Only created in August, but now my best viewed post on a monthly basis! Six reasons of why you workflow did not start and how to check them!

My top blogposts created in 2022: Number 3 https://t.co/3FN87e9wDs About a much asked for approach to cleanup the notifications on GitHub

My top blogposts created in 2022: Number 4 https://t.co/DBPCPdlxEE About scanning the entire! GitHub Actions Marketplace for security issues in their dependencies!

My top blogposts created in 2022: Number 5 https://t.co/nIdjdpWXQd About detecting usage of the camera in Windows and triggering my Home Automation setup for that!

My top blogposts created in 2022: Number 6: https://t.co/V2ZuRzlIAj My take on how I create a GitHub Action and where I start.

My top blogposts created in 2022: Number 7: Configuration as Code for the GitHub platform. There are lots of posts talking about this, but few with an actual implementation. I create one for inviting users and creating repos for them. Read it here: https://t.co/4Fy57TCUMW

Finding the next Log4j – OpenSSF’s Brian Behlendorf on pivoting to a ‘risk-centred view’ of open source development.

So... I have enabled actionlint on 3 repos today, and fixed 2 workflows that had vulnerabilities or errors in them. And I am educating people on using GitHub Actions in a safe way for a couple of years now! ActionLint: https://t.co/OpIaQcCz9E #BeSaferPeople #DevOps #GitHub

New blogpost! Adding the OSSF scorecard action to your repository: https://t.co/5YA9iIV79z This can help you improve the security in your repository, with actionable alerts (and super easy fixes for some!).

.NET 7 Networking Improvements

These numbers are scary! (On the other hand: I will always have a job!). Culture a Stumbling Block to DevOps, DevSecOps

Dependabot now supports security updates for Dart and Flutter apps that use Pub packages