JavaScript, webdev

RegEx 101

Regular expression or in short Regex is a string of text that lets you create patterns that help match, locate, and manage text. It’s an important tool in a wide variety of computing applications, from programming languages like JS, Java and Perl, to text processing tools like grep, sed, and vim.

Here are a few helpers to refresh your mind when you need some ‘simple’ regex to do the job.

Continue reading
Standard
cloud, JavaScript

Integrate JFrog Xray with Slack

The need to protect your software and to be updated about vulnerabilities is getting stronger. JFrog Xray is unique in its capabilities to perform analysis of all the binaries you are consuming in your project. It works with Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. Xray provides great visibility into issues lurking in components anywhere in your organization and there are many cases where you wish to get notified on a security violation (or a license breach) directly to Slack.

Getting Started

We will use Xray’s Webhooks to define our server’s and base on the policies/rules our Webhook will be notified with the alerts about violations (security or licenses).

Continue reading
Standard
cloud, JavaScript

Export Violations From JFrog Xray to CSV

The trend of #DevSecOps is growing fast and it is no longer just part of your security team. More and more organizations wish to integrate their security team in all the phases of development and operations. To achieve it, there are cases where you need to export data from JFrog Xray (in our case to a CSV format) so you can ingest it to your current logging/monitoring system. 

What is Xray?

In a nutshell, JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to more trust in your software. 

By scanning binary components and their metadata, recursively going through dependencies at any level (think on the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.

Xray API

One of the best parts is that JFrog Xray is also fully automated through a rich REST API. We will use it to create this Exporter. Please feel free to clone/fork the code below and use it, but remember you might need to add pagination and a watchdog for a real system.

Continue reading
Standard
cloud, JavaScript

How To Build An Integration With JFrog Xray?

The trend of DevSecOps is not new but it’s growing fast. More and more organizations wish to integrate their security team in all the phases of development and operation. 

Many security products keep your code safe from vulnerabilities at different stages (dev, test, qa and prod). However, JFrog Xray is unique in its capabilities to perform analysis of all the binaries you are consuming in your project.

JFrog Xray works with JFrog Artifactory to perform a deep analysis of binary components at any stage of the application lifecycle. It provides full transparency that leads to (more) trust in your software. By scanning binary components and their metadata, recursively going through dependencies at any level (think on the layers you have in any Docker container), JFrog Xray provides great visibility into issues lurking in components anywhere in your organization.

One of the best parts is that JFrog Xray is also fully automated through a rich REST API that lets it integrate with a CI/CD pipeline and allows other binary analysis tools to build on its unique capabilities.

Continue reading
Standard
cloud, webdev

Code Reviews Will Improve You (And Your Code)

Fog on mountains

There are many options to improve your software quality.
One of the most effective methods is to do code reviews with other developers.
Code reviews are as much a social interaction as a technical best practice. In a healthy engineering culture (egoless), team members engage their peers to improve the quality of their code and increase their productivity. Developers understand that the time they spend looking at a colleague’s code is repaid when other team members examine their own deliverables. These days, most of the companies (e.g. Facebook, Netflix, Google, Amazon, Uber) are embracing it, so it’s another sign that something is working well here.
The important thing to remember when you are doing a code review is to be kind and to ask questions (clarifications) before you suggesting anything.

Why Ask For A Peer Review?

  1. The most basic reason is to find bugs.
    If you won’t ask for it, you will miss bugs in your code:
    a. Accidental errors – typos or mixing variables.
    b. Structural errors – dead code, logic or algorithm bugs, performance or architecture concerns. These are often much easier to spot for an external reviewers the see your work from their perspective.
  2. You preventing from yourself a great way to learn and get better – Committers are motivated by the notion of a viewer who will look over the change request: the committer tends to clean up loose ends, consolidate TODOs, and generally improve the commit.
  3. Your code is not as clear as you think. Another developer will make it better both from its testability and readability aspects.

Code reviews are very important not only for developers but also to product managers, test engineers, designers and others.

In many cases, developers will be the first ones to see the benefits. It will allow them to move faster and with higher quality. Continue reading

Standard
JavaScript, life

The Monty Hall Problem

The Monty Hall problem is a brain teaser loosely based on the American television game show “Let’s Make a Deal” and named after its original host, Monty Hall.

I wrote a little web app that show you what is the right choice with a simulator. It’s a bit hard to explain the correct solution as it’s going against ‘common’ sense. Continue reading

Standard
webdev

Useful Google Sheets Functions

water falls

From time to time you want to get more from your data in Google Sheet. It might be some information you collected from a form or any other spreadsheet with data you wish to work on. Here are some useful functions for common tasks.

1. Return the last row

There is no specific function to return the “last row” – but this hack is working perfectly.

=INDEX(A:A,COUNTA(A:A),1)

2. Joining text

Useful for all the cases where you have first name and last name in 2 columns and you wish to join them.

="this name " & A1 & “ plus this extra name ” & B1

or if you have cells you wish to merge into one with a certain delimiter:
=join(“;”,A1:A5)

3. Import any RSS, HTML or CSV data Continue reading

Standard
Chrome, HTML5, webdev

Share Location On The Web With Waze

If you have a website that contain ‘just’ your (business) address you can do better.

How?

You can use the links below to help your users navigate to you with one click.

This will save them the trouble to ‘select’, ‘copy’ and open their map app in order to get to you. Waze supports an API which enables developers to open the Waze client application through an external URL. The URL can be accessed from within your mobile web page or web app.

waze-logo

The following are the available parameters you can insert to your ‘a href’ tag: Continue reading

Standard