Liran Tal 

676 Followers
287 Following
2.3K Posts

🌟 GitHub Star 2022
🏆 OpenJS Pathfinder award for Security 2022
🥑 DevRel at @snyksec
@NodeJS AppSec & OpenSource ❤️
O'Reilly author on Serverless JavaScript Security
Docker container security hero 🐳

Author of Node.js Security 👉 bit.ly/node-security
Author of Security Headers 👉 bit.ly/http-security

Interests:
#OpenSource #NodeJS #AppSec #JavaScript #Containers #Docker #SupplyChainSecurity #Snyk #OWASP #GitHub #DevSecOps #DevRel #CNCF #OpenSSF #OpenJSF

Website: https://lirantal.com
GitHub: https://github.com/lirantal
Twitter: https://twitter.com/liran_tal
Node.js Secure Coding: https://www.nodejs-security.com/
we got a new toy in the office

should I be walkmaxxing??

ooofff why would you not allow creating a repository-scoped token using the GitHub CLI?

that's a really good pattern for the `gh` CLI that can help automate agents in a secure way...

What startups are hiring now? 👀

post a link

all of them said they're using skills
how many of them know they installed a malicious skill?

ain't that struggle real

yep, that's kinda smart Codex

just realized my weekly github squares tell the trend for the software industry ever since LLMs came out

Between all the MD files on your repos, which are the conventions that actually stick and work well?

I'm thinking of having stock (generic enough to apply to all) for:
- AGENTS.md
- CONTRIBUTING.md
- RELEASE.md

and then having project-specific guidelines in a docs/ directory and maybe a DEVELOPMENT.md file

WDYT?
What works for you?

Cursor team how did you not think to namespace plans to specific projects/workspaces?? 😭

cooking a new benchmark, really cool for y'all to be able to get an understanding of security review and code scanning from LLMs vs deterministic SAST tools