What's your favorite tool or method of securing 3rd party packages against vulnerabilities, "supply chain attacks", and malicious packages in a #dotnet, #javascript and #Docker / #Kubernetes setting?

Is it #Snyk, #FOSSA, #SonarQube / #SonarCloud, or something else entirely?

Boosts and recommendations highly appreciated. 🙏

@joelving Visual Studio is starting to warn about vulnerabilities.
@rheckart I know, but we need a bit more, like quality gates in pipelines and alerts or automatic PRs bumping dependencies.
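A pipeline "quality gate" of the kind mentioned above, as an added example that is not code from this thread or from any of the tools named in it: it uses the dependency scanners already shipped with the .NET and Node toolchains (`dotnet list package --vulnerable` and `npm audit`) and fails the job when findings reach a chosen severity. It assumes the tabular text format that `dotnet list package --vulnerable --include-transitive` prints (package rows start with `>` and carry a Low/Moderate/High/Critical severity column); the sample report, the `Example.*` package names and the advisory URLs are constructed placeholders, not real packages or advisories.

```shell
#!/bin/sh
# Added example, not code from the original thread: a CI "quality gate" that
# fails the pipeline when the dependency scanners built into the .NET and
# Node toolchains report vulnerable packages at or above a chosen severity.

# Map a NuGet advisory severity word to a number so thresholds can be compared.
severity_rank() {
  case "$1" in
    Low|low)           echo 1 ;;
    Moderate|moderate) echo 2 ;;
    High|high)         echo 3 ;;
    Critical|critical) echo 4 ;;
    *)                 echo 0 ;;
  esac
}

# Count package rows at or above severity $1 in the text that
# `dotnet list package --vulnerable --include-transitive` writes (read from
# stdin). Package rows start with ">"; the severity column sits in a different
# position for the top-level and transitive tables, so every field of a row is
# checked against the known severity words instead of a fixed column index.
count_dotnet_vulns() {
  awk -v min="$(severity_rank "$1")" '
    BEGIN { rank["Low"] = 1; rank["Moderate"] = 2; rank["High"] = 3; rank["Critical"] = 4 }
    $1 == ">" {
      for (i = 2; i <= NF; i++)
        if (($i in rank) && rank[$i] >= min) { n++; break }
    }
    END { print n + 0 }'
}

# Gate on a saved report file: return 1 (fail the job) when findings exist.
gate_dotnet_report() {
  threshold="$1"; report="$2"
  n=$(count_dotnet_vulns "$threshold" < "$report")
  if [ "$n" -gt 0 ]; then
    echo "FAIL: $n vulnerable NuGet package(s) at severity >= $threshold" >&2
    return 1
  fi
  echo "OK: no NuGet packages at severity >= $threshold"
  return 0
}

# The live pipeline step (defined but not run here). The dotnet list command's
# exit code is not a reliable gate, so its output is parsed; npm audit already
# exits non-zero when findings reach --audit-level, so its exit code is used.
run_live_gate() {
  threshold="${1:-High}"
  dotnet restore >/dev/null
  dotnet list package --vulnerable --include-transitive > nuget-vulns.txt
  gate_dotnet_report "$threshold" nuget-vulns.txt || return 1
  npm audit --audit-level="$(echo "$threshold" | tr 'A-Z' 'a-z')" || return 1
}

# Constructed sample of the dotnet command's output (package names and
# advisory URLs are placeholders, not real advisories), used to exercise the
# gate offline.
SAMPLE_DOTNET_REPORT="Project 'WebApp' has the following vulnerable packages
   [net8.0]:
   Top-level Package        Requested   Resolved   Severity   Advisory URL
   > Example.Serializer     1.2.0       1.2.0      High       https://example.invalid/advisory/PLACEHOLDER-1

   Transitive Package       Resolved   Severity   Advisory URL
   > Example.Transport      4.0.1      Critical   https://example.invalid/advisory/PLACEHOLDER-2
   > Example.Logging        2.3.0      Moderate   https://example.invalid/advisory/PLACEHOLDER-3"

# Offline demonstration: count at two thresholds, then run the gate on a temp file.
printf '%s\n' "$SAMPLE_DOTNET_REPORT" | count_dotnet_vulns High      # 2
printf '%s\n' "$SAMPLE_DOTNET_REPORT" | count_dotnet_vulns Moderate  # 3
tmp=$(mktemp); printf '%s\n' "$SAMPLE_DOTNET_REPORT" > "$tmp"
gate_dotnet_report High "$tmp" || echo "pipeline would stop here"
rm -f "$tmp"
```

In a real pipeline `run_live_gate High` would be the step that runs after restore/install; the counting is done on the transitive report because a vulnerable package pulled in indirectly is just as exploitable as a direct reference, which is also why the threshold should be decided per environment rather than defaulting to "only direct dependencies".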
Qodana Self-Hosted Is Out – Get 40% OFF This Static Code Analysis Team Tool | The Qodana Blog

Following successful Beta tests with some of our clients, we’re now launching the first release of Qodana Self-Hosted, allowing you to manage, maintain, and upgrade our code quality platform entirely on your end.

The JetBrains Blog
@khalidabuhakmeh @rheckart thanks! I'll consider that one as well. 😊
@joelving @rheckart feel free to ask questions. Here to help.